Solved Likely rogueware infection win7/screen turns black during boot

[value]

Hello,

System: Win732 bit SP1
CPU: Intel dual core E-2160
Ram: 2GB

When I boot regularly my screen just turns black prior to logging into windwos, i can hear the log on/off sounds.

It works in safemode with network drivers.

I ran antimalwarebytes and I had one infection by some "Rogueware.lnk".mp3 on my desktop which I removed with mab.

As of right now I'm running ESET online scan in safe mode and it found one infection "Win32/Opencandy".

I can assume that all hardware/drivers are working properly.

Why is my screen turning black all of a sudden when booting and how to get rid ofit?

Any help is welcome.

Thank you.

 

[Tews]

A quick system restore to a point before you were infected may do the trick ... however, getting into the habit of imaging your drive, is IMO, the number one step in any security policy ... its a lot easier to restore an image than it is to re-install the OS and all of your applications ... let us know how it comes out ...

This will show you how to do a System Restore to restore your Windows 7 system files to an earlier point in time. It's a way to undo system changes to your computer without affecting your personal user files, such as e‑mail, documents, or photos.


System Restore

This will show you how to create a system image (clone) backup of the entire hard drive or partition that Windows 7 is on, and any other selected drive or partition. You can use this image to be able to do a system image recovery to restore the hard drive or partition at boot back to the way it was at the time the backup image was created.

Backup Complete Computer - Create an Image Backup

 

[value]

Thank you for your effort Tews, I should have mentioned that this isn't my system and system restore was turned off so no easy way around it.
He also doesn't find his OEM win 7 CD and never made a recovery disc.

Eset online scan finished with these results:

C:\Users\fatcap\Downloads\cdbxp_setup_4.3.7.2423.exe Win32/OpenCandy application deleted - quarantined

E:\Torrrent\Complete\Betfair Ebook Sofware Fairbot OddzBreaker BetTraderPro Betting Assistant Arbitrage Trading and Patch Win32/Spy.ProAgent.20 trojan deleted - quarantined

 

[Sub Styler]

"E:\Torrrent\Complete\Betfair Ebook Sofware Fairbot OddzBreaker BetTraderPro Betting Assistant Arbitrage Trading and Patch"

Possibly the most suspicious looking folder in the world ever?

 

[Tews]

From the looks of things, your friend is going to have to borrow an OEM disc from someone and use his COA key to activate it ... and tell him to stay away from torrent sites ... Good luck!

 

[value]

Yeah, finding those infection/files was not a pleasant surprise for me either.

Removing those infections didn't change anything on the issue though, I'm only able to boot into safe mode with networking and can do pretty much whatever, but while trying to boot regularly the Monitor turns to "no signal" after the boot screen, before you'd come to the login screen.

Is it even that likely that the issue is some malware?
I'm just following this route because the system is such a mess.

//edit, he finally found his COA key, but how do I go from there and why would it matter?
At least he runs a legit OEM license and we have an installation disc. But is there any way around a new install? He doesn't have any backups, any space on the hdd left or any other media I could use for backups right now.

Can anyone make use of some HJT or other logs I could post from safemode?

 

[Sub Styler]

it could be something as simple as an out of range resolution, can you start it in: low-resolution video (640×480) mode from the F8 Boot menu?

 

[value]

Yes, was the first thing I did, didn't work either.
But as I see now, the monitor/gpu and drivers are up to date and no other apparent issues in safe mode.

Just that the friggin screen gets no signal when I boot regulary.

Don't really know how to proceed from here.

 

[Sub Styler]

Its easy to blame malware as it is often badly written with no care and attention, often deliberately destructive and for this reason can cause any number of side effects.

Proably worth trying a re-install of the graphics driver from safemode if you havent already?

 

[value]

Good idea, thank you! Rep added.

Haven't done that yet and will do as last try before a reinstall.


//The data he got is mostly bullshit anyways so he kind of deserves it