So I’m sure you guys remember me from earlier this week. I used Avast to finally get rid of a nasty rootkit virus that had KO’d my computer last weekend. After using Malwarebytes and SAS I had pretty much gotten rid of it…or so I thought. During the week I noticed my computer was still taking a few minutes to start up, or during browsing online would freeze up for no reason, forcing me to restart. Then yesterday after another restart I noticed a program called Windows XP Virus Remover (or something like that) was uploading itself onto my computer. I immediately shut down my computer and after yet another restart found that none of my anti-virus programs are running except for McAfee, Firefox won’t open (I’m browsing with crappy I.E. right now. Grrr…) and I can’t even get into the control panel on MY COMPUTER to add or remove programs. It’s like all exe files on my comp won’t run! I know I should’ve run a clean disk to make sure my computer was 100% clean like you guys said but I had no time this week and now I feel like a fool. I’m at the end of my rope here…help!
In order to get detailed analysis of your PC, please follow essexboy’s advice here: http://forum.avast.com/index.php?topic=53253.msg451454#msg451454
"and after yet another restart found that none of my anti-virus programs are running except of McAfee,"
Are you running more than one AV?
To get exe files to run, use this:
Download this programme to your desktop, right click and select install. Nothing will appear to happen; it will just do its job.
@ Fister_Roboto
Looks like you are still running Windows 5.1.2600 Service Pack 2 that is infected with Rootkit.TDSS so you might as well look for the Windows installation CD and boot it then FORMAT the hard drive and re-install Windows.
Do yourself a favor and order the XP SP3 CD for the next time you get yourself in this mess.
https://om2.one.microsoft.com/opa/Validation.aspx?StoreID=ce6e3afc-6b25-4f99-8913-3e3453ad966d&LocaleCode=en-us&JavaScriptOn=yes
No need to format for that miscreant - it can be cleaned ;D
100% clean ??? What is that? Blank hard disk? ???
Sorry for the stupid question :-\ but when I format my HDD there is 8GB volume margin.
I'm just curious ;D
"but when i format my HDD there is 8GB volume margin."
Probably the factory system restore partition
Thanks! Now it's clear to all that system restore cannot be accessed or deleted.
many thanks essexboy
I’m running several, or at least I was. I had Malwarebytes, SAS, Avast and McAfee running. Now it’s just McAfee. I’ve got no idea what's going on. JavaScript isn’t even running at this point. It’s like the virus said “Fuck it. If I can’t have his hard drive then he can’t either!”
Let's try this, it can run from safe mode. Did you run unhookexec.inf?
To ensure that I get all the information this log will need to be attached (instructions at the end). If it is too large to attach then upload it to Mediafire and post the sharing link.
Download OTS to your Desktop
[*]Close ALL OTHER PROGRAMS.
[*]Double-click on OTS.exe to start the program.
[*]Check the box that says Scan All Users
[*]Under Additional Scans check the following:
[*]Reg - Shell Spawning
[*]File - Lop Check
[*]File - Purity Scan
[*]Evnt - EvtViewer (last 10)
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
[*]Now click the Run Scan button on the toolbar.
[*]Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.
bumps two police in one state.
I tried installing this but it wants to know what program to use to run this, which is what is happening to all .exe files. If I try to open Firefox it wants to know what program to open it with, and so on.
Run this and then OTS
WARNING these fixes are designed for this user only and may cause damage if run on an uninfected machine
REGISTRY FIX
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
Next you will need to create the repair registry fix. To do that, copy and paste ALL of the above in the quote box to a Notepad file. Ensure there is no space above the Windows Registry Editor Version 5.00 line.
Then in Notepad go to FILE > SAVE AS and in the dropdown box set SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop
http://img127.imageshack.us/img127/433/regtg8.jpg
To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.
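Added example, not part of the thread or written by any of its posters: a small Python parser for the .reg text format used in the fix above, which reports any `shell\open\command` default value that is not `"%1" %*`. It goes beyond the thread by also checking `comfile` and `batfile` (the thread only covers `exefile`); the sample export and the placeholder path in it are constructed.

```python
import re

# Default "open" command for these classes on a clean install: run the clicked file itself.
EXPECTED = '"%1" %*'
CLASSES = ("exefile", "comfile", "batfile")  # exefile is from the thread; the others are added

# name="data" string values; inside the quotes .reg escapes " as \" and \ as \\
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')


def unescape(s):
    """Undo .reg string escaping (\\" -> ", \\\\ -> \\)."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {lowercased key path: {value name: string data}} for string values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                name = "@" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
                current[name] = unescape(m.group(2))
    return keys


def audit(text):
    """List (key, default value) pairs whose open command is not EXPECTED."""
    suffixes = tuple("\\%s\\shell\\open\\command" % c for c in CLASSES)
    findings = []
    for key, values in parse_reg(text).items():
        if key.endswith(suffixes) and values.get("@") != EXPECTED:
            findings.append((key, values.get("@")))
    return findings


# Constructed sample export: exefile redirected to a placeholder path, comfile intact.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\placeholder\\unknown.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
"""

if __name__ == "__main__":
    for key, found in audit(SAMPLE):
        print("MODIFIED:", key, "->", found)
```

A real regedit export in the "Version 5.00" format is saved as UTF-16, so decode the file before passing its text to `audit`.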