Help! My gaming DT has been hosed!!

Gigabyte S series MB, OCR E2, 3.16 GHz Vista32 Explorer 7

My three year old DT has been occupied by an evil trojan. When I try to boot
in Safe mode, it won’t let me select any option but “Start Windows Normally”. I can’t select any
other boot options, CD, USB, etc.
When I do get into Vista, it renamed most of the antivirus progs.; those that will still run only run halfway.
We just fixed a netbook and I thought I had some idea of what I’m doing, NOT!!
I would really appreciate some help on this one.

Thanks

If able to… follow this guide and attach the logs… not copy and paste: http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

Thanks for your reply;

I can run some of the programs you recommended, but I can’t save to anything. Notepad doesn’t work and even cut & paste
is disabled. Any ideas?

Thanks

I tricked this monster into letting me save a file:

And this:

I will PM the removal expert…
If he does not reply here in an hour then I guess you won’t see him until tomorrow.

Thank you.

OK do you have a spare USB stick and another computer to burn some programmes to it ?

Is it a 64bit system ?

I need to know this to determine which version of the programme to get you to run

Yes and yes and it’s a 32 bit system. I’ve attached some logs I was able to save somehow.
This malware shuts off my keyboard at bootup and when I try to save anything. It’s not a USB KB.

Hijackthis is of no use at all… Could you enumerate the current symptoms?

Download the following three programmes to your desktop :

  1. WiNTBootIc
  2. Windows 7 64bit RC
  3. Farbar Recovery Scan Tool x64

Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot

http://dl.dropbox.com/u/73555776/wintoboot.JPG

Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing

http://dl.dropbox.com/u/73555776/usb%20progress.JPG

It will let you know when it is done
Then copy FRST to the same USB

http://dl.dropbox.com/u/73555776/frstwintoboot.JPG

Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that follow the instructions Here

When you reboot you will see this, although yours will say Windows 7. Click Repair my computer

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7275.jpg

Select your operating system

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277202.jpg

Select Command prompt

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277.jpg

At the command prompt type the following :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select “Computer” and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

I’ve followed your instructions, but my problem is that my keyboard is inoperative at bootup and I can’t select boot options.
I’m stuck. Any ideas?

I did run FRST and here is its log.

Are you able to use a PS2 keyboard, as the USB one may well be disabled in the BIOS?

I was able to get a USB KB to work through a powered hub. I can’t get into the BIOS or change boot order, but I am
in safe mode, in dos console. What can I do from here?

For my scans to give meaningful data (i.e. access the registry) they need to be run from the recovery console, as safe mode is still open to the malware.
Do you have the option “Repair my Computer”?

How can I make a bootable CD with the files you specified? Occasionally I can get into select boot devices, and
we may get it to work that way. I hate to waste the opportunity on the MS disk.

The USB drive that you created has the Win 7 recovery console on it and it is bootable. Bugger it, I gave you the wrong ISO.
Redo the USB with this ISO http://www.forum.probz.net/index.php?/files/file/21-windows-vista-recovery-environment-iso/ please

There’s nothing valuable on this HDD. Would it be a help to format a like HDD and go with that?

It would be a darn sight quicker than trying to clean it, as there is probably some system damage as well.

I know that seemed like a stupid question but I’ve done that before and the Virus or whatever comes back
when I get the operating system installed. This M/B has a reset button that interrupts the BIOS battery
and that should be the end of it. I have a Nvidia 9800 video card with 1 Gb memory that could be harboring
this evil beasty.

I have yet to come across malware in either the Video RAM or the BIOS. If you do a full reformat and wipe the drive, that will kill anything around.

I just reformatted this drive, installed the operating system and it says Win paint is scheduled for removal.
I have no idea where to go from here.

Thanks for all your efforts, I do appreciate it.

P.S. The Dell mini you helped me with is still working, many thanks.

Have you restarted since this warning? Did you deselect any Windows elements when you re-installed?