From: Richard Oliver on
A friends computer running Win XP Home has been infected by numerous
virus /malware etc.
I have run several antivirus programs such as Trend Micro ,Antivir and
Malware Bytes.
The machine now appears to be clean but will not start in Safe
mode,there is no Run mode nor msconfig available.
There is a popup on startup looking for ryr.exe which a search on Google
reveals as malware.
I would appreciate some help in getting this system back in good order
again.
Regards,Richard
From: David H. Lipman on
From: "Richard Oliver" <R.Oliver(a)Spam.co.za>

| A friends computer running Win XP Home has been infected by numerous
| virus /malware etc.
| I have run several antivirus programs such as Trend Micro ,Antivir and
| Malware Bytes.
| The machine now appears to be clean but will not start in Safe
| mode,there is no Run mode nor msconfig available.
| There is a popup on startup looking for ryr.exe which a search on Google
| reveals as malware.
| I would appreciate some help in getting this system back in good order
| again.
| Regards,Richard

Find the place the loads ryr.exe and remove it so the OS no longer wants to load it.

What do you mean no "Run mode " ?
There is no "Run" as a statup item ?

As for the no Safe Mode, it could be the load sequence to load Safe Mode has been too
corrupted to work anymore.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: Buffalo on


Richard Oliver wrote:
> A friends computer running Win XP Home has been infected by numerous
> virus /malware etc.
> I have run several antivirus programs such as Trend Micro ,Antivir
> and Malware Bytes.
> The machine now appears to be clean but will not start in Safe
> mode,there is no Run mode nor msconfig available.
> There is a popup on startup looking for ryr.exe which a search on
> Google reveals as malware.
> I would appreciate some help in getting this system back in good order
> again.
> Regards,Richard

Found this and it may help you locate and rid yourself of that ryr.exe.
"SOFTWARE ASSESSMENT: PREVX 4 AXES OF EVIL METHODOLOGY
1. COVERT ANALYSIS OF: 0BXFHZ.EXE
a.. File Names Used: 3
b.. Paths Used: 1
c.. Common File Name: 0BXFHZ.EXE
d.. Common Path: %TEMP%\
e.. Vendor Information: No Vendor details specified
f.. 0BXFHZ.EXE may use 3 or more path and file names, these are the most
common:
g.. 1 :%TEMP%\0BXFHZ.EXE
h.. 2 :%TEMP%\RYR.EXE
i.. File Name Structure: Normal
j.. File and Path Structure: Normal"
Buffalo


From: Dustin Cook on
Richard Oliver <R.Oliver(a)Spam.co.za> wrote in
news:lq8dl5hc89e46j9tcjc9l94ceck1d8lpp1(a)4ax.com:

> A friends computer running Win XP Home has been infected by numerous
> virus /malware etc.
> I have run several antivirus programs such as Trend Micro ,Antivir
> and Malware Bytes.
> The machine now appears to be clean but will not start in Safe
> mode,there is no Run mode nor msconfig available.
> There is a popup on startup looking for ryr.exe which a search on
> Google reveals as malware.
> I would appreciate some help in getting this system back in good order
> again.
> Regards,Richard
>

You sure do run across alot of friends or relatives suddenly in need of
your assistance. :) Have you tried checking the mbam forums? They do
offer assistance. I'll give you the benefit of the doubt for now and
assume you really are just a normal user trying to help your friends,
and not some wannabe technician :)


--
"Is there anything in Guul Draz that doesn't suck the life out of you?"
- Tarsa, Sea Gate sell-sword.

From: Dustin Cook on
FredW <fredw(a)blackholespam.net> wrote in
news:j50el5htvkijs3d8e87vh0o2i3jcqkcquc(a)4ax.com:

> On Wed, 20 Jan 2010 08:38:29 +0200, Richard Oliver
> <R.Oliver(a)Spam.co.za> wrote:
>
>>A friends computer running Win XP Home has been infected by numerous
>>virus /malware etc.
>>I have run several antivirus programs such as Trend Micro ,Antivir
>>and Malware Bytes.
>>The machine now appears to be clean but will not start in Safe
>>mode,there is no Run mode nor msconfig available.
>>There is a popup on startup looking for ryr.exe which a search on
>>Google reveals as malware.
>>I would appreciate some help in getting this system back in good order
>>again.
>
> Short answer to get the system back in good order:
> It is time to do a "Format C:\" and reinstall Windows.
>

Is the format really necessary tho?


--
"Is there anything in Guul Draz that doesn't suck the life out of you?"
- Tarsa, Sea Gate sell-sword.