Hey all. Okay, I'm going to start simple. I'm running XPMCE with SP2, and I had that goddamned "Your browser is infected" popup occurring *not only in IE, but also in any Explorer window*. So after a little analysis and research, I decided to run the smitfraudfix app as directed. Now, after following all the directions and guidelines, it seems that my computer won't run in normal mode anymore. It hangs at mup.sys, and my bootlog says that everything after mup.sys (ACPI being the first) did not load. It'll boot in safe mode with no problem, but obviously that's just not good enough. I've already pursued a few other remedies related to ACPI/Mup problems reported around the web, such as resetting CMOS and removing USB devices, but those were dead ends. Has anyone got any new advice for me? Thanks, Jimmy
Hadn't yet, doing it now. Also, I've started a Panda scan and it's so far told me I have one file that seems to be spyware. I tried to install AdAware, but - OOPS - I can't install that in safe mode. I'll be back shortly with more info as I get it. Thanks for your help. :>
UPDATE: I'm still not done the Panda scan (I have a nutload of files on that drive) but it's so far found an embarrassing 6 viruses, 9 spyware files and 3 hack/rootkits. I'm not sure at this point if maybe I should just pay Panda to take care of them all (I'm sure they're the real problem here) since it's only seventeen bucks... Any advice, y'all?
Try Last Known Good Configuration, then run AVG antivirus, AVG anti-spyware. Set all actions to quarantine. It's worth a try.
Panda's done, and it found a lot of nonsense stuff. It got rid of some viruses, but a lot of the stuff it found was just harmless cookies and stuff, as well as most of the stuff in the Smitfraud Fix folder. I did, however, find a couple of shady files in the Downloaded Program Files folder. GONE. Now, as for "Last Known Good"... It didn't work in any of my last few tries, and for some reason the computer wouldn't start from baseline normal mode, but then, magically.... Last Known Good comes through, and I'm back up in normal mode. I also cancelled the loading of some service during the boot process, but I don't know if that made any difference or not. All I know is that now my machine is back up and running in Normal Mode, and everything seems to work. Now, I think I'll run a few more scans and programs to make sure I can keep this thing running normally the next time I need to restart. If anybody has any thoughts on how to maintain this now-workable state and preserve it, I'm all eyes.
Hmmm. I'm glad it works fine now. Try running a couple of scans to see if something pops up. And if it's not a bother, can you post an HJT log so one of us can take a look at it?
Two things I would consider in that situation:
1) Setting a restore point while the system is working.
2) Setting chkdsk /f to run the next time the system has to be restarted. (Or if the system won't restart, try running the chkdsk with the fix option from safe mode.)
Also, under Explorer, Tools, Delete Browsing History, I would at a minimum delete the temp internet files and cookies - those wouldn't have anything to do with smitfraud fix, but they would eliminate a couple of possibilities for other problems.
-------------------------------------
In reviewing other threads, I saw echoreply recommending this online scanner:
Try an online scan here; ESET online scanner: http://www.eset.com/onlinescan/
- Uses Internet Explorer only.
- Check "YES" to accept terms.
- Click the start button.
- Allow the ActiveX component to install.
- Click the start button. The scanner will update.
- Check both "Remove found threats" and "Scan unwanted applications".
- When done, you can find the scan log at: C:\Program Files\EsetOnlineScanner\log.txt
This is an online scanner that I have liked for several years, but I don't know how it does with some of the current more difficult issues: http://housecall65.trendmicro.com/
Well, everything's been running for a while now with no problems. I haven't had to reboot yet, but I've also had time to consider another possible cause for the problem I had. The point at which the boot was stalling is deceptive and doesn't necessarily yield any usable information. As the boot was humming along, I was offered the chance to cancel the loading of vaxwhateveritwas.sys (not the real name), which I did. I realized later that another significant consideration might be that I was using Alcohol to mount a disc image, which I'd never done before. The .sys I cancelled was directly related to Alcohol's operations, so I think that might have been the culprit and I was just a victim of some misleadingly bad timing. SO. I doubt Smitfraud was my problem after all. The usual fixes, checks and scans were all just what was called for here, and it should be noted that those with mup.sys boot stalls might be well advised to take notice of any virtual drives they have mounted. Cancelling the loading of the VAXsomething.sys driver could get you past the sticking point. Thanks to all for your help and attention.
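Added example, not part of any post in this thread: a small Python parser for the boot log mentioned in the first post (%SystemRoot%\ntbtlog.txt), which lists for the most recent boot the last driver that loaded and the drivers that were skipped, so that third-party entries such as a virtual-drive driver stand out. The sample log, the driver name example_vdrive.sys and the assumption that each boot section begins with a "Microsoft (R) Windows" banner line are constructed for illustration.

```python
import re

# Constructed sample in the usual ntbtlog.txt layout (two boot sections).
# example_vdrive.sys is a placeholder name, not a real driver from the thread.
SAMPLE_LOG = r"""Microsoft (R) Windows (R) Version 5.1 (Build 2600)
 7 13 2008 09:02:11.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver Mup.sys
Loaded driver \SystemRoot\System32\Drivers\i8042prt.SYS
Microsoft (R) Windows (R) Version 5.1 (Build 2600)
 7 14 2008 20:11:02.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver Mup.sys
Did not load driver \SystemRoot\System32\Drivers\example_vdrive.sys
Did not load driver \SystemRoot\System32\Drivers\example_vdrive.sys
Did not load driver \SystemRoot\System32\Drivers\i8042prt.SYS
"""

ENTRY = re.compile(r"^(Loaded|Did not load) driver\s+(.+?)\s*$")


def parse_sessions(text):
    """Split a boot log into per-boot sections of loaded/skipped drivers."""
    sessions, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Microsoft (R) Windows"):  # assumed section banner
            current = {"loaded": [], "skipped": []}
            sessions.append(current)
            continue
        match = ENTRY.match(line)
        if not match:
            continue  # date stamps and blank lines
        if current is None:  # log without a banner: treat as one section
            current = {"loaded": [], "skipped": []}
            sessions.append(current)
        key = "loaded" if match.group(1) == "Loaded" else "skipped"
        name = match.group(2).rsplit("\\", 1)[-1]  # keep the file name only
        if name not in current[key]:  # the log repeats skipped entries
            current[key].append(name)
    return sessions


def summarize(session):
    """Return (last driver that loaded, de-duplicated skipped drivers)."""
    last = session["loaded"][-1] if session["loaded"] else None
    return last, list(session["skipped"])


if __name__ == "__main__":
    last, skipped = summarize(parse_sessions(SAMPLE_LOG)[-1])
    print("Last loaded:", last)
    print("Skipped:", ", ".join(skipped))
```

The last loaded driver only marks where the list stops; the skipped entries are the ones to compare against recently installed software.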