Blue Curtain Over The Desk Top.

[bdenner]

Before I start this machine came with Norton AntiVirus 2006 installed and kept up to date with the latest definitions but it looks like a virus.

A friend bought his near new Acer NoteBook over yesterday with a problem. After a normal XP boot up the screen is blue (lighter than the ‘Blue Screen of Death’) with only the curser present. We were able to bring up the ‘Task Manager’ which allowed us to run several applications but not all including the Control Panel and Windows Explorer. They appear to boot but disappear behind the curtain? We ran the system restore routine to the earliest date without success.

Booting up in ‘Safe Mode’ produced the same results accept we had a black screen. Thinking that we will have to reinstall the OS we needed to back up some of his data files, I tried to do this through the ‘Safe Mode’ Prompt option. That came up OK but it was here we found his keyboard character set was corrupt, some characters relocated or missing including the “\”. Near on impossible to write DOS commands without it. As he hadn’t shared any of his drives or folders I could not access the data over a network connection.

Any ideas? Oh - and, yes, the guy has been briefed on the importance of backing up his data.

[cdnvic]

Have you tried booting from a cd to see what happens with the display then?

[sabajja]

Blue curtain is basically the same as the explorer and desktop aren't loading.

(No taskbar either)

You can still dos navigate by typing "CMD" under the run option in task manager.

I'd suggest downloading HijackThis and try to run a scan and post the results in a specialists forum such as:

http://forums.techguy.org/ in their security section.

I don't think this is going to be an easy nut to crack without really knowledgeable people helping you out.

A simple way to backup the data is to follow cdnvic's advice and boot from a

rescue CD of some kind, preferrably one with an explorer interface.

Then simply lift all the important stuff to the D: drive if a reformat would be neccessary.

This BootCD is great (Freeware), it will also allow you to backup the drivers

from a failing system: http://ubcd4win.com/

Edited January 31, 2007 by sabajja

[Simmo]

Sounds like this trojan

http://www.sarc.com/avcenter/venc/data/tro...ophijack.b.html

Some instructions on removal there.

[cdnvic]

Sounds like this trojan

http://www.sarc.com/avcenter/venc/data/tro...ophijack.b.html

Some instructions on removal there.

Don't bother, It's not that infection. Desktophijack is are very blatent about telling the infected user that they're there. Also, if it's an up to date antivirus as reported, it would have caught an old signiture like that.

[pampal]

If the computer has two partitions or more on the hard disk, install an additional OS like XP into the second partition and use that to access the first partition and save/copy his data to a cd.

[bdenner]

Thank you for your replies. I'm currently downloading

A simple way to backup the data is to follow cdnvic's advice and boot from a

rescue CD of some kind, preferrably one with an explorer interface.

Then simply lift all the important stuff to the D: drive if a reformat would be neccessary.

This BootCD is great (Freeware), it will also allow you to backup the drivers

from a failing system: http://ubcd4win.com/

and will try it. He does have a D:\ drive configured but it was empty.

The NoteBook was bought in Dubai, it came with manuals but no recovery or OS disks and I'd bet the OS is dodgy, it does not have a floppy drive! Both C: and D: have been formatted FAT32??. I wonder what other suprises are awaiting me. He has taken it to Udon today to consult with the local 'specialists' (I use that term loosely).