Hi Guys,
First of all, thanks for this forum, I’ve been using it for a while now to sort out virus problems, but I think I’ve gotten myself in a bit deeper than I can fix by gleaning off of other posts.
I’ve had problems with Antivirus XP 2008 (never installed it) in the past, and I followed the advice given in other posts to get rid of it (it was a while ago so I can’t remember the exact order):
1. Ran a boot time scan with Avast!
2. Installed and ran Malwarebytes
3. Installed Advanced System Care and ran that to “clean up”
This seemed to work great, and my computer ran well until today when I started it up, and all hell broke loose.
It started off with popups saying that malware had been detected, and that avast was blocking access to malicious sites. I’d click move to chest, and another one would just pop up (sorry I can’t get the file names, keep reading). Also, it replaced my desktop background with one saying that I was infected with a virus, and should buy some software to fix it (typical of Antivirus XP 2008). I managed to schedule a boot time scan and restarted. When I started the computer again the same thing happened, except avast also found a rootkit, and finally it got to a file called LEHETOJO.DLL in the system32 folder and when I tried to move it to the chest, it said avast couldn’t process it. After cycling through that a few times, explorer disappeared leaving just the avast warning message up. Finally, I decided to try re-booting. When the computer started up again it gets to the Windows XP login screen, and when I click on my username to log in, it will log in, flash the desktop (the correct one) and then log me back out again.
I’ve unplugged my computer from the internet, and now I’m stuck.
I’m running Windows XP, and I’m not sure which version of avast! I’m running.
Any help would be appreciated.
Did you run MBAM from safe mode? If not, I suggest you do.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode, and report the findings (it should produce a log file).
Also you could try a rescue CD; these are fully updated AV programs that run without booting Windows. I believe Avira can remove rogues, not sure about DrWeb. Basically with Avira, use a clean PC, download the file, double click, you will be prompted to insert CD, burn to CD. Insert CD into infected machine and reboot, follow instructions from link.
instructions http://forum.avira.com/wbb/index.php?page=Thread&postID=730130#post730130
Hello, I’ve downloaded SUPER antispyware, and have tried to install it in safe mode, however I get the message “the system administrator has set policies to prevent this installation”. I am logged in as the administrator, and have tried to run it as the administrator (by right clicking, run as…) but it then says that the “service cannot be started in safe mode”. I have tried opening the install menus on other programs (AdAware 2008, Winamp, etc.) and they all started with no troubles. I also ran AdAware with no real success.
I have read a post on another forum that says:
"
Windows XP Group Policy “system” can be set to block install.
Viruses and Spywares can “mask” themselves and give this message when
you try to install “known” spyware removal tools. Does this message
occur with other anti-spyware tools (like Spybot and Spyware
Terminator?)
"
But I tried installing Spyware Terminator, and starting that has had no problems (didn’t actually install it yet). I did look and see that there is another user profile created, administrator.ROB-BVWG5FKKIE8.rar, that I don’t think was there before. This profile is not visible in the User Accounts screen in the Control Panel.
Try renaming the Superantispyware installer file.
Once it is installed, go to the Superantispyware folder in Program Files, rename the .exe (the one with the icon, but leave the “.exe” intact) and see if that will work.
Rename the installer and main .exe (after installation) to something like “robandrews.exe” (or anything you like, really, provided a file of the same name doesn’t already exist.)
Please do not in future post live links to a malware site. You can sanitize them by replacing the “tt” in http with “x”'s, a common convention.
Did you try MBAM in safe, (as suggested above)? MBAM should kill it. Run scans (2) in safe, reboot if prompted (unlikely in safe) and then try normal mode. If the PC will load in normal, run MBAM immediately.
Thought of following any of the software recommendations above?
Also DrWeb Cureit has a pretty good kill rate with this sort of thing.
When was the last time you updated MBAM? What version and database of MBAM are you using? Can you post a log of the scan results? Also try the rescue discs. Dr Web Cureit can be run in safe mode and needs no updating.