Viruses and rootkits

Hello, to everybody!

I have an old Compaq NX9000 laptop, Windows XP and a licensed version of Avast AV (7.0.1426).

There are a lot of viruses and rootkits which Avast can’t remove (or even recognize), so I decided to ask you for help.

I think that some viruses control the keyboard and run StickyKeys every 5 seconds (an accessibility feature to help computer users who have physical disabilities).

I am not skilled with computers, but my friend scanned the infected computer with GMER and there is a log file in the attachment.

I’m writing right now on another computer.

Thank you!

(My English is terribly bad, sorry!)

I think it is time to reload that system. However, here is our process, called “Scrape”; it is only a rough outline. We usually see what infections show up, research these to see what they are and how they work, and modify our procedure based on those findings. Good luck!

SCRAPE (use at your own risk, depending upon infection, some systems never work again!)

Disable system restore and page file (independently verify pagefile.sys is gone)
Disable system hibernation (independently verify hiberfil.sys is gone)
Run avast! Boot time Scan (Thorough) or avast! Rescue / Bart CD
Possible false positives can occur in the page file and hibernation file, and it is OK just to delete these. These false positives are normally due to remnants of virus / spyware definitions (DAT files) from programs such as Windows Defender, etc.
Run rkill.exe
If executable file type is disabled then
Download one of the available executable types from source
-Rkill.exe
-Rkill.com
-Rkill.scr
-eXplorer.exe
-iExplore.exe
#all are the same program renamed to bypass executable file restrictions
End If
Run ComboFix.exe (XP and Vista and Seven 32-bit only) (look at files created on infection day! Many times this is the only way to find those pieces)
Run ATF Cleaner (Empty All)
Run CCleaner (Cleaner Only)
Run Malwarebytes (Full Scan)
Run SuperAntiSpyware (portable version)
Run HiJackThis (sees things nothing else here does)
Run CCleaner if needed for booting with registry errors (Registry Only, repeat until clean)
Re-enable system restore and page file
May need to run a System File Checker
For XP open cmd (sfc /purgecache, sfc /scannow)
…may need to provide install CD
For Vista and 7 open cmd as admin (sfc /scannow)
…does not use install DVD

THANK YOU VERY MUCH.

Well, I’m trying to fix it, without reinstalling XP (because, I lost the Driver utility CD).

I would rather not use any such risky software if I really don’t have to.

I already ran a full system scan with Avast, but it didn’t find anything.

But, I’ll scan with other AV programs.

THANKS!

Don’t waste your time with other AV programs. Start with Malwarebytes, or SuperAntiSpyware, see what they find.

Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0.

Follow the directions for obtaining an MBAM (Malwarebytes) log (make sure you update MBAM first), the OTL logs (save them as ANSI), and the aswMBR log. Post the logs as an attachment (Additional Options > Attach > Post).

One of our malware removal experts should be along to assist you further after you attach your logs to your next post. Thank you.

@ advantage77
HiJackThis is a total waste of time, and far from “(sees things nothing else here does)”, it is blind to modern malware; it just doesn’t look in the places they hide now. Not to mention it hasn’t been updated in over two years.

Some of the other tools suggested, namely combofix, should only be run under supervision (of a qualified malware removal specialist) as incorrect removal of some modern malware can brick a system.

Thank you so much!

I did everything that is recommended in this post:

http://forum.avast.com/index.php?topic=53253.0

And I think that some of the symptoms magically disappeared. My keyboard and mouse are now working flawlessly!

THANK YOU!

MBAM didn’t find anything, but I saved the logs of all the scanners I was running.

Hi there, all the logs look OK. Why are you running in safe mode?

Not anymore!

It was running in safe mode because my keyboard and mouse didn’t work correctly in “normal mode”.

Thank you!

Is everything working as it should now?

With the exception that it’s a sh***tty computer, everything is fine now.

TNX

Alas, that is not something I can help with… What are the problems, slow speed? Or just XP?

Nothing in particular. This is an old laptop that my parents are using for Skype.

I don’t think XP is such a bad OS, it’s much better than Vista, but I heard that XP is a perfect platform for viruses. :-\

I found it very strange that neither Avast nor Malwarebytes found anything on a computer with so many problems.

The computer was behaving as if possessed by Satan just 2-3 hours ago.

Does that mean you have a new problem ;D

No, I don’t.

Thank you, very much.

No, it’s fine now.

thanks!

Run OTL and hit the cleanup button to remove it, then just delete aswMBR from the desktop ;D

You look like the person who can see everything from the log file.

You can get rich if you keep telling people their destiny just by checking their log files. You can tell fortunes.

He is a very knowledgeable and resourceful person. And yes, logs can tell us a lot.