# Getting a message while booting in XP "surabaya in my birthday" Please help



## ajayritik (Sep 7, 2008)

Whenever I start up my PC I get the following message:
*81u3f4nt45y-24-01-2007 surabaya*
* surabaya is my birthday
don't kill me i m just send massage from your computer 

*I have formatted my C: and reinstalled Windows XP but still the problem persists. Do I have to format all the drives? I tried installing Kaspersky and scanning my computer but after installing it I'm unable to scan my PC. I tried installing NOD 32 and then I get a message repeatedly from NOD 32 telling system infected by WIN32/Satity.Nam virus. Even after I click on delete that window comes up back again asking again to delete. 

I have tried to search for a fix for this but didn't find anything substantial on the net. Has anyone experienced this problem? 

One more thing this is not my PC this is my friend's PC. He doesn't have internet at home so we can't update the antivirus definitions. 

Please help!


----------



## Ecko (Sep 7, 2008)

Try Avast 4.8 & choose Yes when asked 4 bootitme scan on installation


----------



## ajayritik (Sep 8, 2008)

Which antivirus is free as well as we can download the definitions from the internet and then update them? As my friend doesn't have internet at home.


----------



## raksrules (Sep 8, 2008)

Go for Avast. It is free (you do need to register). You can also find it in the Digit CD/DVD under essentials. There are updates available in the magazine CD/DVD too. Incase you have internet connection at home, avast will update the virus definitions so you need not worry about that.


----------



## rakesh14021983 (Sep 8, 2008)

Firstly ... the virus is called Win32/ Sality and NOT Satity (i think??) ...

check the link given below.. it has detailed instructions for removal of the same.
*www.symantec.com/security_response/writeup.jsp?docid=2006-011714-3948-99&tabid=3

Also, you could do an online scan here ---> *www.pandasoftware.com/products/activescan.htm

Note: If u use avast, then u will get a false alert when you try to download the activex for Panda...

Also... try doing a scan with Hijackthis and post the log... it shud tell us wat nasty entries u got...

Hope this helps..


----------



## ajayritik (Sep 8, 2008)

Do you think formatting all the drives will solve my problem? As I have mentioned the problem is with my friend's PC and he doesn't have internet at home. If at all I try to get the logs of hijackthis from his PC and then copy to my PC to post it here then my PC also may get infected with this worm. Anyways I will try the resolutions provided here. Thanks to all of you for your responses.


----------



## comp@ddict (Sep 8, 2008)

Formatting will wipe it out dude, just like it will wipe out all your info on you HDD


----------



## choudang (Sep 8, 2008)

comp@ddict said:


> Formatting will wipe it out dude, just like it will wipe out all your info on you HDD


 
yes, but also flash the MBR by 
	
	



```
fdisk/mbr
```
if you don't have very much important data, go for a low level format.


----------



## ajayritik (Sep 8, 2008)

It's been years since I did a low level format. I remember doing it using the DM CD which came with my Seagate Hard disk. Do we get any other tools with which we can do a low level format? 

Can you let me know more about flashing the MBR? Do I have to do it before formatting or after formatting.

Also as I mentioned earlier I had formatted the C: but still the issue persisted. Do you think this could have come from other infected drives which I didnt format.


----------



## thewisecrab (Sep 9, 2008)

Perform an AV scan with NOD32 or Kaspersky Trial versions (the trials should suffice for removing the stupid virus)
I advise against formatting if you have too much data on your entire HDD, not C: drive alone as I guess the virus must have created entries in the roots of the other drives.
Try this:
*www.techsupportforum.com/security-...p/220766-81u3f4nt45y-24-01-2007-surabaya.html


----------



## ajayritik (Sep 9, 2008)

thewisecrab said:


> Perform an AV scan with NOD32 or Kaspersky Trial versions (the trials should suffice for removing the stupid virus)
> I advise against formatting if you have too much data on your entire HDD, not C: drive alone as I guess the virus must have created entries in the roots of the other drives.
> Try this:
> *www.techsupportforum.com/security-...p/220766-81u3f4nt45y-24-01-2007-surabaya.html



Dude I had installed Kaspersky trial version but it was not working. When I try to scan using  Kaspersky I found it to be disabled. Then later when I installed NOD32 it did find the Sality.NAM virus which was detected multiple times and later the PC hung or got stuck. 

Data is not an issue since there isn't any critical data in the other drives. The only concern is that the virus shouldn't resurface again so I wanted to be cautious about it.


----------



## TheIndian (May 1, 2009)

Use INNOBATE AntiGen to detect this worm on your computer system for free.  It can be also removed with this software specifically designed to remove this threat from your computer system.

Download it from:- *www.thedownloadplanet.com/catalog/item/64333/ and also downloaded directly from the software publisher's website:-
*www.innobate.com/Products/InnobateAntiGen/Index.HTM

This software will remove this virus from your computer system.


----------



## prateek007391 (May 1, 2009)

Go to Start ----------> Run

Type system.ini

and tell me what is written there

also download HijackThis 

*www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

install it on you system and run a system scan and generate report and then 

and send me the report


----------



## ajayritik (May 1, 2009)

TheIndian said:


> Use INNOBATE AntiGen to detect this worm on your computer system for free.  It can be also removed with this software specifically designed to remove this threat from your computer system.
> 
> Download it from:- *www.thedownloadplanet.com/catalog/item/64333/ and also downloaded directly from the software publisher's website:-
> *www.innobate.com/Products/InnobateAntiGen/Index.HTM
> ...





prateek007391 said:


> Go to Start ----------> Run
> 
> Type system.ini
> 
> ...


Dear Friends it's been so long since I had that problem. It has been rectified long back. Anyways thanks for timely response from both of you!


----------



## prateek007391 (May 1, 2009)

yes I realised this when I posted on ur thread

I don't know how this thread appeared on my CP, I never subscribed for it

This is just because of that "TheIndian" spoiling his name and the name of crores of Indians, he wasted his first post on such an old article

May be he is too new


----------



## prateek007391 (May 1, 2009)

any way If u have any other problem keep on posting.


----------



## NucleusKore (May 1, 2009)

He must be a bot


----------



## prateek007391 (May 1, 2009)

NucleusKore said:


> He must be a bot




wat do ya mean????


----------



## it_waaznt_me (May 1, 2009)

Though OP's problem was solved by formatting the system,this is for the benefit of others who get the same problem, here is the simple cure for it: Most infected files wouldve been removed by the antivirus , but to remove the stupid message at startup, you need to delete two keys from registry : 
Start > Run > Regedit {Press Enter}
Navigate to 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
And delete LegalNoticeCaption and LegalNoticeText keys and you wont get that prompt at startup.


----------



## ajayritik (May 1, 2009)

prateek007391 said:


> wat do ya mean????


Cool down dude! He was referring to *TheIndian *not you.


----------



## mayanksahni (May 2, 2009)

Format ur complete HDD and u'll get rid of it.


----------



## prateek007391 (May 2, 2009)

ajayritik said:


> Cool down dude! He was referring to *TheIndian *not you.




oh!!!!!!! is it that one


----------



## ajayritik (May 2, 2009)

mayanksahni said:


> Format ur complete HDD and u'll get rid of it.


Dude this problem happened last year and it's been resolved long time back. Thanks for your timely response.


----------

