I am gradually losing the computer. First Avast disappeared and I eventually found that it had been deactivated. I cannot get Malwarebytes to open and now not even any IE page. I cannot open Java in the Control Panel. I can no longer go into safe mode… I tried to do a system restore but can’t open the necessary page, etc.
If you are totally unable to access your computer to scan it, you will need to use a bootable antivirus to scan and remove all malware. Here is a manual on how to use one: http://www.omidfarhang.com/computer/security/avira-rescuecd (You will need to burn the disc using a clean computer.)
And then return to Windows and scan your computer using Hitman Pro:
How to use it: Download Hitman Pro (or Hitman Pro 64 Bit) to your desktop. Hold the left Ctrl key on your keyboard and double-click on Hitman Pro to run it; keep holding the Ctrl key until the Hitman Pro screen appears. Then click Next and let it scan your computer, and let it remove the malware it finds. If it asks you for a license, activate the 30-day trial version. After removal, restart your computer.
If you have a Windows installation disc, after rebooting your computer, insert the disc in the drive, open ‘Run’ and type ‘sfc /scannow’ to let Windows restore damaged or missing Windows files from the installation disc.
Now repair avast by going to Control Panel → Add/Remove Programs (Programs and Features in Vista/7) → select avast, click Change, in the window that opens scroll down to find Repair, select it and follow setup to repair avast.
Meanwhile, after a good night's sleep the computer has regained most of what it had lost, for reasons I cannot understand. Yesterday, I still managed to run Malwarebytes, which did not show any problems, but got an error when I tried to update. This morning, it updated and ran without problems. Last night, I managed to run Avast boot scan and again without finding anything. One puzzling fact: yesterday I had trouble opening My Computer/Properties and when I did, the tab about System Restore was missing; I also could not get to System Restore through System Tools. This morning I accessed both. I still cannot open Java in the Control Panel. Finally, I ran OTL twice but did not get the Extras.txt. I am attaching the OTL.txt.
I managed to download Dr Web Cure it. The first scan found nothing, but the second FULL scan found Dellth.txt in c:\I386\compdata\dellth.txt, infected with modification to IRC.sleeper.
Unfortunately, my problem has returned and at times I am unable to do anything once the system restarts: unresponsive Start, My Computer\Properties, Ctrl-Alt-Del, or even the power-down button, forcing me to disconnect by pressing the power button for about 4 seconds.
Right now I am doing a Spybot scan (I am using a different computer to send you this message). I wonder if something drastic like ComboFix might do the trick. Can you help, please?
Yes, I did read your post. Thank you very much. However, I managed to get the computer going again and I am starting to understand what is going on. I expect that I have some sort of virus that installs itself when the computer restarts. When it does, Comodo Firewall alerts me to a Services.exe that is about to change the registry. I assumed this was essential to the system so I allowed it and lost virtually all control. I have just seen Event Viewer and most services were denied access as I restarted.
Last time I told Comodo not to accept the change and the computer now seems to be responding normally. However, the virus is still there, I think, and I would like to get rid of it.
I ran avast boot scan, Malwarebytes, Spybot, Bitdefender and Dr Web. They showed a clean computer except for Dr Web, which found IRC.sleeper.
If you can help me get rid of whatever is lurking I would be very grateful.
I had a look at the manual re rescue disks. I will try and do one. But my problem now is to sort out the computer. It is nearly normal but only nearly. For instance, I am unable to edit Msconfig/start. When I try to save, nothing happens. Either I have a virus lurking or the Firewall is blocking something, possibly through my own errors.
I need to make sure the computer is clean while I have reasonable access.
qim, I’m not using Comodo, so I’m not sure whether blocking something in Comodo caused you to lose full access to your computer configuration. You may try resetting all rules in Comodo and start using your computer again (after making sure your computer is clean).
Sorry for the late reply; I had to study a lot yesterday.
Even the only suspect item in the report is not malware:
C:\WINDOWS\system32\ckldrv.sys
So I think you are clean and that your problem is caused by Comodo firewall, which may sandbox essential processes, so I suggest:
1. Uninstall Comodo (restart).
2. Activate Windows Firewall from Control Panel.
3. After doing that, do a Dr.Web scan.
I think you won't get the problem again.
4. Reinstall Comodo firewall, and I suggest an easier one like Outpost Free Firewall.
Unfortunately, problems started again. In the process of trying to sort out
MSconfig I decided to go into safe mode but when I saw a choice of starting
with the last good configuration I chose that and my problems started again.
First on startup I got a box saying (like it had done before) that HKDRVR
was missing. I decided to restore a point from the previous day that I felt
was good and did a Superantispyware scan: it found 24 tracing cookies. Then,
I did an express new scan with DrWeb that was clean, but on doing a full
scan it found two viruses in the System Restore (see attachment). I disabled
System Restore and after restarting enabled it again. Now, I am not sure if
the computer is clean or whether there is something lurking that keeps
popping up when you least expect.
After that I uninstalled Comodo and as you predicted I got full access to
MSconfig; although I am still unable to open the Java Control Panel in the
XP Control Panel.
What do you think?
Thanks
PS: Meanwhile I am unable to post from the computer and have to use another one to send this message!