I need help! Nothing is working!

Hey ther guys. This is my first time here and I joined because I have a virus or something on my computer and it’s insane!

Basically this virus wasn’t detected on avast scanner’s when I downloaded it (thinking it was another piece of software) and even though I had teatimer on it bypassed it even whenI tried to block it and fortunately it performed the function which was protect my home page from a highjacker otherwise I would be majorly screwed right now (that’s the only thing it blocked when I told it to.)

Here is the deal:

Avast, Zone Alarm and Spybot + Teatimer which I had runnig at the time were completely disabled by this virus. If I try to reload them they are disabled at the last second. I cannot perform a reboot scan because all of the ways to load avast are disabled. I tried uploading other antivirus software like AVG but they were disabled as well.

I used the avast virus sweeper /cleaner for when you are infected with a computer virus and it found nothing. I used online scans like Panda Software and it “disinfected” from few malware but nothing changed. I scanned it with Trend Micro Online scan and it found a few things and removed them and I scanned again to make sure they were gone.

What else…oh yeah I used AVG Anti Root kit remover and it found some stuff, I removed it adn restarted my comupter dan they were removed adn still nada.

I deleted temp files, cookies, disabled system restore and nothing. I even tried booting my computer in safe mode but the virus or whatever I have got isn’t eltting me do so.

I’ve checked all the posts countless times and tried everything I can and I still keep running dry. Basically all of my antivirus programs and scanners are disbled from my computer.

Can anyone help me out? Thanks in advance to anyone who can provide me with any answers.

Hi Danni,

As you found evidence of rootkit activity, I’d suggest running the Panda anti-rootkit scanner:

http://www.pandasoftware.com/products/antirootkit/

Run the in-depth scan which requires a reboot.

Follow this with a scan by DrWeb CureIT!

http://download.drweb.com/drweb+cureit/

If you can’t run this program, rename it and see if that allows you to run it.

Also, try the F-Secure online scanner:

http://support.f-secure.com/enu/home/ols.shtml

Panda software found nothing,

DrWeb Cureit found nothing

F-Secure Online Scanner “error occured… ID:24” I am pretty sure I enabled Activex Controls but if someone could refresh my memory (I have Win XP) that would be most helpful. Assuming I did enable my activex controls, it was likely disabled like the rest of the stuff I have tried so far.

Please post a HijackThis! log for us to look at:

http://www.bleepingcomputer.com/tutorials/tutorial42.html

my guess…if problems presist after removing the malware then it has some thing to do with Registry entries…provided there are no other active malware…

my guess....if problems presist after removing the malware then it has some thing to do with Registry entries...provided there are no other active malware...

Correct. The malware may have deleted the SafeBoot registry keys.

Here are some options to restore them:

http://didierstevens.wordpress.com/2006/06/26/restoring-safeboot/

http://didierstevens.wordpress.com/2007/02/19/restoring-safe-mode-with-a-reg-file/