I have managed to get a virus on my PC which has disabled avast, spybot and ad-aware, it turns off security center and when I restart security center via services.msc it has turned off automatic updates and my firewall. I have been able to reinstate updates and firewall but can't get avast to run, tried repairing avast but during the reboot cycle it all happens again. It spits the dummy if I try to boot in safe mode and any online scanner I have tried just freezes up. It also seems to have disabled my soundcard…
Oh yeah, and it also tells me that Hijackthis is not a valid win32 application.
To top it all off I am on one of those milkshake diets so really all I want to do is throw my PC out the window and go get a steak.
I am running windows xp home and all updates are current.
I will erect a small shrine to anyone who can help me
Try downloading MBAM http://www.malwarebytes.org/mbam.php using another computer, save the installer file to a flash drive.
Transfer the installer file to the affected PC. You may need to rename the executable to do this. Once it is installed, go to C:\Program Files\Malwarebytes’ Anti Malware, locate the file named “mbam.exe” (one of two files with a red and white M icon) and rename it, to something like, say, rossco rocks.exe (the name is unimportant; the “exe” is.) and open it. Update it if possible, and run a scan.
After or during scanning, it may prompt for a reboot to remove some items. If so, reboot promptly.
Let us know the results.
Thanks Tarq57, I was able to download and run the file myself using the name changes you suggested, running a scan now. Delighted to get such prompt help from across the ditch, will let you know how it pans out.
Looks like more trouble. MBAM found the problems (I think) and said it needed to delete on reboot, I did the reboot but nothing happened, just loaded up with the same issues. Ran the scan again and had exactly the same problem. The logfile from MBAM is below if that helps. If you are wondering why E: is my system drive, it’s because I was being particularly lazy when I set up Windows…
Malwarebytes’ Anti-Malware 1.35
Database version: 1915
Windows 5.1.2600 Service Pack 3
Just for fun I thought I would try to reboot in safe mode and manually delete the infected files but I couldn’t get it to boot in safe mode. It would start loading and then a message would appear at the bottom of the screen saying press esc to cancel loading SPTD.SYS, then the dreaded blue screen of death would flash on the screen for a split second and the infernal machine would reboot.
Don’t panic. Download some free antivirus removal tool such as DrWeb CureIt.
Boot not from your hard drive but from a USB DriveOnKey or a DVD with a LiveCD (or connect your hard drive to another PC if you feel expert enough not to infect that PC as well ;D) and start the antivirus.
Your virus is starting automatically with the OS and it has ruined the ability to boot in safe mode. When you boot from another source (another OS, a LiveCD) your hard disk is a simple container of files that do not run, so nothing can crash your antivirus and it can do its work.
DrWeb Cure it - http://www.freedrweb.com/download+cureit/
DrWeb LiveCD - ftp://ftp.drweb.com/pub/drweb/livecd/
You can use any other software, just search on Google. Then burn it to a DVD disc on a non-infected PC and treat your virus. To make a flash drive bootable you need some more skills and some software like FlashBoot. Good luck.
This is a Bagle rootkit (as indicated) and a bit beyond my experience (and possibly ability). But there are some serious malware experts here that will almost certainly jump in and help if it all goes not very right.
Have you tried navigating to the indicated files and deleting them in normal mode? (Or changing their names?) You would likely get an “access denied” message, but it might be worth a crack.
There is a regimen suggested at post 3 here http://forum.avast.com/index.php?topic=39312.msg330023#msg330023 by Tech, who is very knowledgeable.
There is a site here with links to the up-to-date antirootkit apps. http://downloads.andymanchesta.com/antirk.html
Basically pretty much throw anything at it that’s reputable. Repeat MBAM scans won’t hurt, either. I’ve read about some malware taking more than one scan to kill. (I think the first part-cripples it, but if the remnants aren’t hit straight away it rebuilds itself.)
At one time, the general recommendation and thinking was that if you had a rootkit, it was necessary to format and re-install. Some might still hold to this thinking. I don’t know if it’s always entirely valid today, though.
See what some others say.
Good luck.
Hi All,
Firstly I would just like to say a big thank you to everyone for the outstanding help, definitely the best experience I have had on a support forum.
I have managed to fix the problem by doing the following things:
1 - Running a scan with MBAM
2 - Printing the log from MBAM
3 - Loading the Dr Web Live CD and running the scan on that
4 - Using the Dr Web file explorer (or whatever it was called) to find and delete the files that MBAM couldn't sort out.
All seems to be back to normal now, I am in the process of running as many different scans as I can just to be on the safe side.
Thanks again to everyone who responded and also those who took the time out of their days to read my post even if they did not post a reply, you have made my wife a happy girl.