Posted 24 February 2010 - 02:48 PM
Please let me preface this with the statement that I appreciate the volunteers at this site more than I'll ever be able to express. I've been out of work for over 2 years and am trying to get an ebay business up and running so desperately need my computer. I have no money to replace it. If I have to reformat, I'll lose thousands of dollars of programs as well as a huge amount of work in research, saved receipts and transactions, countless photos from museums and so forth, but if it comes down to that I need a computer that can access the net, can at least boot to a usable mode. I don't have the original discs. I personally bought the software when I had my own business but my partner took it along with everything else. I don't mean to sound whiny and don't deserve any more sympathy than the tons of other people in the same boat. I just want you to understand that any sarcasm inferred below is an expression of frustration rather than ill will directed in any way toward volunteers here.
I appreciate being directed to the advice listings for common issues on bleepingcomputer.com. However, I had already found and tried almost all of these *please note information in original post*
Let me provide more detailed information as to the current state of the computer and steps I have taken.
Computer will boot in safe mode only, with and without networking. Attempts to reboot in normal mode result in a loop of rebooting after the blue-screen-of-death flashes right before the desktop would appear. Weirdly, I was able to get it into a normal mode, briefly, but a pop up box prevented further action on the desktop until it was dealt with. The box read "you have used the System Configuration Utility to change the way Windows starts." I tried clicking the box to accept this setting and not clicking the box but both resulted in an immediate flash of the blue screen followed by the reboot cycle until I F8'd into safe mode.
Several programs are affected - not updating, not installing - with error messages talking about administrator policy changes. I've absolutely no idea what this is, certainly did not manually make such changes and have no idea how to access anything to put it back the way it was. Error messages have included something about preventing registry changes, "cannot be uninstalled due to administrator settings" (Superspyware, upon attempt to uninstall/install), cannot be installed due to safe mode or admin settings (Windows C++ update attempt).
Now for the programs I've tried...
Malwarebytes. I love this program and understand that it is usually the start of virus solutions on the bleepingcomputer forum answers. As stated in the original posting, the exe file was deleted and the renamed files corrupted so they wouldn't work either. I was able to get a friend to email me a renamed exe file but that didn't work either. This morning I uninstalled then used the MBAM clean program, downloaded the MBAM install and renamed exe files to a jump drive and, after several attempts, was FINALLY (WooHoo) able to get MBAM to run - was in safe mode without networking so didn't update - clicked full scan and... watched as three seconds went by, the red ticker said 3 objects found (can't see anything else due to the tiny safe mode screen), 0 files scanned then... blue screen of death flashed and computer started the reboot cycle. Arrrrgh! Same result when tried again but clicking quick scan. Tried safe mode with networking next but update attempt failed immediately. Error messages I received during the course of my MBAM adventure were: 703 (0, 453); 707 (3, 0); 732 (12007, 0). I looked for these on this forum, googled them and followed all of the advice and links from those replies to additional troubleshooting options to no avail. I love Malwarebytes. It seems to be the main line of breaking the Paladin mess (if that's all I have) according to the many answers I've read on MBAM's forums and here. With the partial success, if you can call it that, of at least getting the MBAM window open, I have tried uninstalling, MBAM clean, rKill, installing, rebooting, rebooting, installing, uninstalling, rkill, clean, safe mode with networking, safe mode without networking, renaming the renamed file, re-downloading the install and renamed file program from the "common answer" forum for MBAM issues and from MBAM... I kinda think I need some other solution at this point.
So, other program attempts (not in chronological order since I don't recall it anymore after 10+ hours of working on this mess):
Java - I read Paladin took advantage of an out of date Java. Dunno if mine was but I tried updating, then uninstalling and reinstalling but got error that admin settings prevented it. I was logged on in safe mode as Admin.
Spybot - wouldn't run, uninstalled, manually deleted folder, downloaded install files to jump drive (friend's Mac), copied to laptop (the leprous infected one), installed with apparent success then... clicking the exe file resulted in... nothing. The app didn't open, processes list showed several instances of SpyBot but nothing in the Apps portion of Task Manager.
Combofix - I know it's too powerful to use without supervision but was desperate enough to at least scan with it. Nada. Same problem, same attempts at solutions as with Spybot. Clicking the file does nothing but open processes of Combofix with nothing showing on Apps.
SuperAntiSpyware - already had this, error message when tried to run, tried to uninstall but got error that it has to close unexpectedly. Gave up after several attempts.
AdAware (Lavasoft) - Had this but uninstalled a while ago. Downloaded install file but got error that MS Visual C++ Runtime 9.0 Service Pack not installed, which directed me to Microsoft updates. Got that file. Tried to install it but was told it couldn't be installed due to safe mode or another issue.
Windows Defender - no idea what this does but clicked it and "failed to initialize properly (0x80000003)"
ESET - I'd been directed to use this before so had at least some of the program on my computer and was desperate for an online scan, anything that could at least start to clean this mess up. Could not access the site online (see initial post re google redirect and no virus sites and most virus forums, including this one, blocked with the error message "could not locate server" despite the rest of typed addresses coming up). However, I was able to get into some kind of deep link - I think - through opening a cached link. The program wouldn't update, started at 50% and went nowhere before giving a no-update error message. It doesn't appear to be able to be run without the auto update. I went to a troubleshooting site for it, could not get to the F5 advanced settings part since it hung up almost immediately. The troubleshooter then directed to make sure auto detect updates checked on internet options of control panel. Done. Make sure proxy server unchecked. K. Open "folder options" from the control panel - I can't find any "folder options" option at all in the control panel in the main window or in any control panel folder, nor can I switch to classic view from the start menu. No idea why.
Rkill - have used this frequently before installs and after reboots. Most of the time its log showed no stopped processes. However, once it showed a stop of something at locals~\temp\msinits. I've no idea what this is but recall the letters msinits from one of the Paladin discussions.
In sum, my computer is unusable from the safe mode state as the quarter-size window on a 14" screen is barely big enough to see to install files and such. It won't allow sufficient visibility to use hotmail for anything other than reading incoming mail. I'm terrified that being on the internet more will exacerbate the problem although passwords are probably irrevocably compromised. I don't have any money to take and am bankrupt so stealing identity or funds is probably not an issue. I need a computer to work at this new venture and have been up crying all night at the prospect of not having one - there's no money to replace it. To make matters more difficult, I live in a very rural area so have to drive an hour to access a friend's Macintosh computer at his office. I don't have access to another PC.
Is there any way to directly delete at least some of the infected files to compromise the ability of this virus stuff to stop MBAM from working?
Thank you so very much for any assistance you can provide.