Trojan Horse/Malware disable task manager & startup

This involves my husband’s pc. I have limited information because we can no longer access the desktop.

Yesterday, he was surfing for information on Socom 4 (PS3 game) when the Win Patrol program suddenly detected about 20 new startup programs. He told Win Patrol to deny them access, then ran an Avast boot-time scan. The boot-time scan did not work because the monitor keeps shutting off immediately. He managed to get back in to run an Avast full scan and found about 20 trojans/malware in the form of .dll, .exe and .wav files. He moved them to the chest, thought it was clean, and went to restart. We couldn’t remove them from the task manager because that was disabled. Now the PC goes to the safe mode or normal start screen. We have chosen all of the options, and it just loops back, restarting the PC and coming back to that safe mode/normal start screen. We took the next step and tried to install a clean version of XP Pro, but the monitor keeps shutting off. We have also tried my monitor (identical to his) and the same outcome occurs.

I understand that I have no information or logs to show. I am just hoping that there is someone out there who has had a similar experience and can maybe help us.

Download Process Explorer from here: http://technet.microsoft.com/en-us/sysinternals/bb896653
Run it and kill the malicious apps.
Then, scan your computer with Malwarebytes, which can be downloaded from here: www.malwarebytes.org
Download
Install
UPDATE!
UPDATE! DO NOT FORGET IT!
Scan
Post the log

Process Explorer does not kill malicious apps. You need to know how to spot them first. Process Hacker is a better tool for that, but honestly, to kill any malicious process just use rkill…

http://www.bleepingcomputer.com/download/anti-virus/rkill

Welcome to the forum peanutz123.

Before we start telling peanutz123 which tools to use, it is better to see what is going on inside her machine so we can determine what action needs to be taken, and for this we use the tool OTS.

Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0.

Follow the directions for obtaining the OTS logs (save them as ANSI and not Unicode). Post the OTS log as an attachment (Additional Options > Attach > Post).

I am going to refer you to our Certified Malware expert, named Essexboy. He will also review your logs and give you further instructions, however he comes on the forum late UK time. He will respond to you in this thread, so remember to check this thread daily.

Please do not make any further changes to your machine after you have provided the logs.

IMPORTANT: If you are on a home network, disconnect the affected machine from the network. Do not share a USB/flash drive with this affected machine. Do not use this machine unless Essexboy instructs you to as part of the malware removal instructions; use a different machine to check email, sync your phone, etc. if possible.

Just to be sure your machine is clean, please run an MBAM scan and an Avast full and boot-time scan to see if you are clean or not. If an infection comes up with Avast, put it in the Virus Chest. If it comes up in MBAM (after updating MBAM PRIOR to running the scan), make sure you put it into quarantine, then cut and paste your log, making sure you identify that this is from machine #2. We will call your husband’s machine #1 and your machine #2.

Let me know if you have any questions. Thank you.

Not that hard to kill unknown apps. I didn’t tell him to use rkill because it may be blocked by viruses etc.

Essexboy has been notified and prefers to see what is on the user’s machine prior to killing anything that is unknown. Do no harm. But thank you anyway. :slight_smile:

Hi, for the machine that keeps looping we will initially need to work outside of Windows. Reatogo should allow you to access the net from the affected system.

Please print these instructions out so that you know what you are doing.

Latest version: v3.1.46.0

OTLPENet.exe
MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB

- Download the attached scan.txt to a USB drive
- Download OTLPENet.exe to your desktop
- Ensure that you have a blank CD in the drive
- Double-click OTLPENet.exe; this will open ImgBurn to burn the file to CD

- Reboot your system using the boot CD you just created.
  Note: if you do not know how to set your computer to boot from CD, follow the steps here
- As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :slight_smile:

- Your system should now display a Reatogo desktop.
  Note: as you are running from CD it is not exactly speedy
- Double-click on the OTLPE icon.
- Select the Windows folder of the infected drive if it asks for a location
- When asked “Do you wish to load the remote registry”, select Yes
- When asked “Do you wish to load remote user profile(s) for scanning”, select Yes
- Ensure the box “Automatically Load All Remaining Users” is checked and press OK
- OTL should now start.
- Double-click the Custom Scans and Fixes box
- In the dialogue, locate the scan.txt you have on the USB drive
- Press Run Scan to start the scan.
- When finished, the file will be saved as C:\OTL.txt
- Copy this file to your USB drive if you do not have an internet connection on this system.
- Right-click the file, select Send To, then select the USB drive.
- Confirm that it has copied to the USB drive by selecting it
- You can back up any files that you wish from this OS
- Please post the contents of the C:\OTL.txt file in your reply.
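Since the post above gives the MD5 and size of OTLPENet.exe, a practitioner would check the download against both before burning it to CD (a truncated download gives a wrong size; a corrupted or substituted file gives a wrong digest). The following is an added example, not part of the forum thread or the OTLPE project; it assumes Python is installed on the machine you download on, and the only values taken from the thread are the MD5 and size posted above. The demo data in the self-test is constructed for this example.

```python
"""Verify a downloaded OTLPENet.exe against the posted MD5 and size before burning it.
Added example for this thread; not the OTLPE project's own code."""
import hashlib
import os
import sys
import tempfile

# Values as posted above for OTLPENet.exe v3.1.46.0 (the only thread-supplied inputs).
EXPECTED_MD5 = "79209302A1AFB2490808DB890A815CED"
EXPECTED_SIZE = 127_222_215


def md5_hex(stream, chunk_size=1 << 20):
    """MD5 of a binary stream, read in 1 MB chunks so a 121 MB file is not held in memory."""
    h = hashlib.md5()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def check_digest(actual_size, actual_md5, expected_size, expected_md5):
    """Compare size and digest and report which one failed.
    Size mismatch usually means an incomplete download; size match with digest
    mismatch means the bytes differ (corruption or not the genuine file).
    Returns (ok, list_of_problems); digests are compared case-insensitively."""
    problems = []
    if actual_size != expected_size:
        problems.append(f"size {actual_size} != expected {expected_size} (incomplete download?)")
    if actual_md5.lower() != expected_md5.lower():
        problems.append(f"md5 {actual_md5} != expected {expected_md5.lower()} (file differs; re-download)")
    return (not problems, problems)


def verify_bytes(data, expected_md5, expected_size):
    """Verify an in-memory byte string (used for testing with constructed data)."""
    return check_digest(len(data), hashlib.md5(data).hexdigest(), expected_size, expected_md5)


def verify_download(path, expected_md5=EXPECTED_MD5, expected_size=EXPECTED_SIZE):
    """Verify a file on disk, e.g. the OTLPENet.exe saved to the desktop."""
    with open(path, "rb") as f:
        digest = md5_hex(f)
    return check_digest(os.path.getsize(path), digest, expected_size, expected_md5)


if __name__ == "__main__":
    if len(sys.argv) == 2:
        # Usage: python verify_otlpe.py C:\Users\you\Desktop\OTLPENet.exe
        ok, problems = verify_download(sys.argv[1])
    else:
        # Constructed demo: a small file with a known digest, then a truncated copy of it.
        demo = b"OTLPE demo payload, constructed for this example\n" * 1000
        with tempfile.NamedTemporaryFile(delete=False) as tmp:
            tmp.write(demo)
        ok, problems = verify_download(tmp.name, hashlib.md5(demo).hexdigest(), len(demo))
        print("intact copy:", "OK" if ok else problems)
        with open(tmp.name, "wb") as f:
            f.write(demo[:-1])  # drop one byte to simulate a cut-off download
        ok, problems = verify_download(tmp.name, hashlib.md5(demo).hexdigest(), len(demo))
        os.unlink(tmp.name)
    print("OK, safe to burn" if ok else "DO NOT BURN:\n  " + "\n  ".join(problems))
    sys.exit(0 if ok else 1)
```

Run it with the path to the downloaded OTLPENet.exe as the only argument; a non-zero exit code means re-download before burning. Note that MD5 only protects against accidental corruption or truncation here, since the digest itself came from a forum post rather than a signed source.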