Getting a message while booting in XP "surabaya in my birthday" Please help

ajayritik · Sep 7, 2008

Whenever I start up my PC I get the following message:
81u3f4nt45y-24-01-2007 surabaya
surabaya is my birthday
don't kill me i m just send massage from your computer

I have formatted my C: and reinstalled Windows XP but still the problem persists. Do I have to format all the drives? I tried installing Kaspersky and scanning my computer but after installing it I'm unable to scan my PC. I tried installing NOD 32 and then I get a message repeatedly from NOD 32 telling system infected by WIN32/Satity.Nam virus. Even after I click on delete that window comes up back again asking again to delete.

I have tried to search for a fix for this but didn't find anything substantial on the net. Has anyone experienced this problem?

One more thing this is not my PC this is my friend's PC. He doesn't have internet at home so we can't update the antivirus definitions.

Please help!

Ecko · Sep 7, 2008

Try Avast 4.8 & choose Yes when asked 4 bootitme scan on installation

ajayritik · Sep 8, 2008

Which antivirus is free as well as we can download the definitions from the internet and then update them? As my friend doesn't have internet at home.

raksrules · Sep 8, 2008

Go for Avast. It is free (you do need to register). You can also find it in the Digit CD/DVD under essentials. There are updates available in the magazine CD/DVD too. Incase you have internet connection at home, avast will update the virus definitions so you need not worry about that.

rakesh14021983 · Sep 8, 2008

Firstly ... the virus is called Win32/ Sality and NOT Satity (i think??) ...

check the link given below.. it has detailed instructions for removal of the same.
*www.symantec.com/security_response/writeup.jsp?docid=2006-011714-3948-99&tabid=3

Also, you could do an online scan here ---> *www.pandasoftware.com/products/activescan.htm

Note: If u use avast, then u will get a false alert when you try to download the activex for Panda...

Also... try doing a scan with Hijackthis and post the log... it shud tell us wat nasty entries u got...

Hope this helps..

ajayritik · Sep 8, 2008

Do you think formatting all the drives will solve my problem? As I have mentioned the problem is with my friend's PC and he doesn't have internet at home. If at all I try to get the logs of hijackthis from his PC and then copy to my PC to post it here then my PC also may get infected with this worm. Anyways I will try the resolutions provided here. Thanks to all of you for your responses.

comp@ddict · Sep 8, 2008

Formatting will wipe it out dude, just like it will wipe out all your info on you HDD

choudang · Sep 8, 2008

comp@ddict said:
Formatting will wipe it out dude, just like it will wipe out all your info on you HDD

yes, but also flash the MBR by

Code:

fdisk/mbr

if you don't have very much important data, go for a low level format.

ajayritik · Sep 8, 2008

It's been years since I did a low level format. I remember doing it using the DM CD which came with my Seagate Hard disk. Do we get any other tools with which we can do a low level format?

Can you let me know more about flashing the MBR? Do I have to do it before formatting or after formatting.

Also as I mentioned earlier I had formatted the C: but still the issue persisted. Do you think this could have come from other infected drives which I didnt format.

thewisecrab · Sep 9, 2008

Perform an AV scan with NOD32 or Kaspersky Trial versions (the trials should suffice for removing the stupid virus)
I advise against formatting if you have too much data on your entire HDD, not C: drive alone as I guess the virus must have created entries in the roots of the other drives.
Try this:
*www.techsupportforum.com/security-...p/220766-81u3f4nt45y-24-01-2007-surabaya.html

ajayritik · Sep 9, 2008

thewisecrab said:
Perform an AV scan with NOD32 or Kaspersky Trial versions (the trials should suffice for removing the stupid virus)
I advise against formatting if you have too much data on your entire HDD, not C: drive alone as I guess the virus must have created entries in the roots of the other drives.
Try this:
*www.techsupportforum.com/security-...p/220766-81u3f4nt45y-24-01-2007-surabaya.html

Dude I had installed Kaspersky trial version but it was not working. When I try to scan using Kaspersky I found it to be disabled. Then later when I installed NOD32 it did find the Sality.NAM virus which was detected multiple times and later the PC hung or got stuck.

Data is not an issue since there isn't any critical data in the other drives. The only concern is that the virus shouldn't resurface again so I wanted to be cautious about it.

TheIndian · May 1, 2009

Use INNOBATE AntiGen to detect this worm on your computer system for free. It can be also removed with this software specifically designed to remove this threat from your computer system.

Download it from:- *www.thedownloadplanet.com/catalog/item/64333/ and also downloaded directly from the software publisher's website:-
*www.innobate.com/Products/InnobateAntiGen/Index.HTM

This software will remove this virus from your computer system.

prateek007391 · May 1, 2009

Go to Start ----------> Run

Type system.ini

and tell me what is written there

also download HijackThis

*www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

install it on you system and run a system scan and generate report and then

and send me the report

ajayritik · May 1, 2009

TheIndian said:
Use INNOBATE AntiGen to detect this worm on your computer system for free. It can be also removed with this software specifically designed to remove this threat from your computer system.

Download it from:- *www.thedownloadplanet.com/catalog/item/64333/ and also downloaded directly from the software publisher's website:-
*www.innobate.com/Products/InnobateAntiGen/Index.HTM

This software will remove this virus from your computer system.

prateek007391 said:
Go to Start ----------> Run

Type system.ini

and tell me what is written there

also download HijackThis

*www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

install it on you system and run a system scan and generate report and then

and send me the report

Dear Friends it's been so long since I had that problem. It has been rectified long back. Anyways thanks for timely response from both of you!

prateek007391 · May 1, 2009

yes I realised this when I posted on ur thread

I don't know how this thread appeared on my CP, I never subscribed for it

This is just because of that "TheIndian" spoiling his name and the name of crores of Indians, he wasted his first post on such an old article

May be he is too new

prateek007391 · May 1, 2009

any way If u have any other problem keep on posting.

NucleusKore · May 1, 2009

He must be a bot

prateek007391 · May 1, 2009

NucleusKore said:
He must be a bot

wat do ya mean???? :?:

it_waaznt_me · May 1, 2009

Though OP's problem was solved by formatting the system,this is for the benefit of others who get the same problem, here is the simple cure for it: Most infected files wouldve been removed by the antivirus , but to remove the stupid message at startup, you need to delete two keys from registry :
Start > Run > Regedit {Press Enter}
Navigate to
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
And delete LegalNoticeCaption and LegalNoticeText keys and you wont get that prompt at startup.

ajayritik · May 1, 2009

prateek007391 said:
wat do ya mean????

Cool down dude! He was referring to TheIndian not you.

Getting a message while booting in XP "surabaya in my birthday" Please help

Technomancer

Wandering In Tecno Land

Technomancer

Youngling

Broken In

Technomancer

EXIT: DATA Junkyard

Padawan

Technomancer

AFK

Technomancer

Right off the assembly line

In the zone

Technomancer

In the zone

In the zone

TheSaint

In the zone

Coming back to life ..

Technomancer