Infected with Worm Greatless - What to do now?

Hi,

Yesterday when the kids were on MSN the computer services stopped working.
They turned the computer off and when I came home I noticed I could not do much, not even open up MSCONFIG in Safe Mode.
I briefly could manage through to events and antivirus history in Event Viewer.
I saw msgsrv32.com, cirrusx.oxc, kernel.vdx and RPCSS.vdx were infected.
I can’t open many programs at all and I can’t get into MSCONFIG in Safe Mode.
I have always had AVAST on the computer and auto update is on.
What can I do next? AVAST will not open anymore.

Appreciate your help.

Hi kroppkaka,

You could try this removal tool from here:
http://www.ognizer.net/index.php?option=com_remository&Itemid=28&func=fileinfo&id=18

Run the computer in Safe Mode.

polonus

Hi kroppkaka,

There are a number of tools you can run in Safe Mode (Safe Mode with Command Prompt is best) including avast!'s own Virus Cleaner.

I also recommend Dr Web CureIT!, McAfee Stinger and Trend Micro Sysclean.

Links to all here:

http://www.geocities.com/dontsurfinthenude/antivir2.htm

If you can’t download them on the infected computer (malware sometimes blocks connections to anti-virus sites) download them on another computer and transfer them to the root directory (easier to find in Safe Mode).

General cleaning procedures won’t harm…

  1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again after step 3).

  2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

  3. Schedule a boot-time scan with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select scanning of archives. Boot. Another option is scanning in Safe Mode (repeatedly press F8 while booting).

  4. It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
    If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.

  5. If you are still detecting any strange behavior, or you’re even sure you’re not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest AVG, Panda and/or F-Secure BlackLight.

  6. Also, if you are still detecting strange behaviors or you want to be sure you’re clean, maybe making a HijackThis log to post here and, especially, scanning and submitting the RunScanner log to on-line analysis would help to identify the problem and the solution.

  7. After you’re clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

  8. Finally, when you’re clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.

Thank you all for your advice. I will go through them and check them out.

kroppkaka

You’re welcome… come back later and post the results 8)