
ANTIVIRUS LIVE HIJACK [Moved]


21 replies to this topic

#1 bcuser1

bcuser1

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 20 December 2009 - 11:13 PM

Spontaneous attack by Antivirus Live resulting in complete inactivation of all computer functions.

I cannot access any programs or normal functions of my computer, including Task Manager.

Tried the Malwarebytes program, but it too has been inactivated by Antivirus Live.

I am sending this message through my laptop computer.

Any thoughts would be appreciated.

Thanks,

bcuser1



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 32,873 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:35 AM

Posted 20 December 2009 - 11:29 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript


#3 MATTSPCHELP

MATTSPCHELP

  • Members
  • 196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Leicester, United kingdom
  • Local time:05:35 AM

Posted 20 December 2009 - 11:34 PM

Copy taskmgr.exe from C:\Windows\System32 to your My Documents folder, rename it to explorer.exe and open it. You should have access to Task Manager now; however, if this isn't possible, let me know. Also let us know your OS, as some things I will ask you to do may not be possible on Home versions or 64-bit systems.
Microsoft Certified Desktop Support Technician

#4 bcuser1

bcuser1
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 20 December 2009 - 11:47 PM

Still cannot open task manager. My OS is Windows XP Media edition, 2002

bcuser1

#5 MATTSPCHELP

MATTSPCHELP

  • Members
  • 196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Leicester, United kingdom
  • Local time:05:35 AM

Posted 20 December 2009 - 11:48 PM

Start, Run, type msconfig, press Enter?

Does the box open up?
Microsoft Certified Desktop Support Technician

#6 bcuser1

bcuser1
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 20 December 2009 - 11:49 PM

Unfortunately no.

bcuser1

#7 MATTSPCHELP

MATTSPCHELP

  • Members
  • 196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Leicester, United kingdom
  • Local time:05:35 AM

Posted 20 December 2009 - 11:51 PM

Safe mode available

If you don't know how to get in there, restart and press F8 continuously, then select Safe Mode.
Microsoft Certified Desktop Support Technician

#8 bcuser1

bcuser1
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 20 December 2009 - 11:56 PM

Yes - got into msconfig via safe mode. Thanks. Now what?

bcuser1

#9 MATTSPCHELP

MATTSPCHELP

  • Members
  • 196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Leicester, United kingdom
  • Local time:05:35 AM

Posted 20 December 2009 - 11:56 PM

Can you list for me what is in the Startup tab?
Microsoft Certified Desktop Support Technician

#10 bcuser1

bcuser1
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 21 December 2009 - 12:02 AM

Rather a long list, bear with me:

ehtray
NeroCheck
shwiconem
zHotkey
IntelAudioStudio
RECGUARD
PDVDServ
igfxtray
hkcmd
igfxpers
wpctrl
DT_startup
avgtray
hPWuSchd2
hpcmpmgr
qttask
iTunesHelper
dumbprep 0 -k
realsched
mbam
iqsksysquard
ctfmon
Adobe Reader Spe...
HP Digital Imaging
HP Image Zone Fas
Install Pending Files
Microsoft Office
VPN Client

Sorry for the delay

bcuser1

#11 MATTSPCHELP

MATTSPCHELP

  • Members
  • 196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Leicester, United kingdom
  • Local time:05:35 AM

Posted 21 December 2009 - 12:04 AM

iqsksysquard << untick
hPWuSchd2 << untick
DT_startup << untick


Restart and attempt to perform an action that you couldn't beforehand.
Microsoft Certified Desktop Support Technician

#12 bcuser1

bcuser1
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 21 December 2009 - 12:14 AM

No luck I'm afraid. The computer did give the following message:

System Configuration Utility

"You have used the System Configuration Utility to make changes to the way Windows starts.

The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.

Choose the Normal Startup mode on the General tab to start Windows normally and undo the changes you made using the System Configuration Utility."

What is the next step?

bcuser1

#13 MATTSPCHELP

MATTSPCHELP

  • Members
  • 196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Leicester, United kingdom
  • Local time:05:35 AM

Posted 21 December 2009 - 12:17 AM

Find a USB drive or burn this to a CD: http://www.tangosoft.co.uk/re-enable%20v1.html

Open it on the infected computer, tick all the boxes and click OK. It should re-enable everything, but for how long I'm unsure.
Microsoft Certified Desktop Support Technician

#14 bcuser1

bcuser1
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 21 December 2009 - 12:31 AM

Am downloading the "portable" version of re-enable V1 - would this be okay?

bcuser1

#15 bcuser1

bcuser1
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 21 December 2009 - 12:50 AM

Unfortunately the Re-enable program also did not work and now the malware is blocking the re-enable program. Is it time to think about system restore and if so will that wipe out all my data files?

bcuser1



