Hi. I am trying to boot into safe mode in Windows XP (office) to deal with trojan horses (Vundo.gen.w/spy-agent.bw.gen.e) infections. I am able to get to the safe mode option screen via "f8", but it will only load some drivers and then it returns to the safe mode option screen (endless loop).
Further I cannot access the system config utility via "run". I open up the run dialog box and type "msconfig" nothing happens.
An ideas? What would happen if I run a full virus scan (with system restore off) without being in safe mode?
Obviously you have no choice right now to run the virus scan in normal mode. You also need to run a program to clean off malware and stuff IE: Malwarebytes, HiJackthis, etc...
As for what will happen, nothing other than it might clean the crap off the drive.
To use a Safe Boot option, follow these steps:
Restart your computer and start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
Select an option when the Windows Advanced Options menu appears, and then press ENTER.
When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the installation that you want to start, and then press ENTER.
If you can not boot in safe mode, I think the best way is to re-install system.
The OP has already tried to f8 into safe mode. Obviously it's not working. I would try a scan in normal mode to see if by chance it'll pick up anything. You can try Avira and Malwarebytes to see if they can clean it up. You could also slave drive your hard drive into another PC and scan it there.
Thanks again guys- everything you are saying seems to be consensus across the web. I sent this query to each of you individually, but thought maybe the answers could help others, so am posting questions here also.
I have one more question: McAfee reports I have two trojans: the spy-agent.be.gen.e and vundo.gen.ab. They have - at this point- disabled my firewall, safemode, msconfig, and likely mcAfee's ability to remove them. After much research, and the realization that most people in my position cannot get rid of the trojans, I am preparing to save my "my document" files on an external hard drive and then wipe the laptop and reinstall the entire operating system.
Does anyone think there is risk that I will preserve the trojan/virus by saving my files from "my documents"(just MS Word Docs, pictures, book keeping back up files and music.) to an external hard drive? If so, how do I avoid it?
Second Query: It occurs to me that I could try to first manually remove all the virus/trojan files, registry keys and programs mcAfee has identified (about 50). However, I have read its extremely risky to manually delete files and programs and registry keys if you don't know what you are doing. But here is my question:
Suppose I screw something up and delete a legitimate file, program or key- will it matter if I am just going to reinstall my operating system anyway?
A clean install will repair any damage you accidentally do if you screw something up. It's worth a shot.
I would really recommend malwarebytes though. I always recommend running in safe mode with networking. However, it's obviously not an option for you. So try running it in normal windows and see if it can clean things up.
Again, Much thanks! I think I will first try to run the malwarebytes and then I necessary try manual deletions... I have heard you should run hyjackthis, then superantispyware, then malewarebytes and then combofix.exe. Seems like a li=ot but then again, I don't want to deal with this ever again.
you are right I have nothing to lose at this point, and it could be a good learning experience.