BleepingComputer.com: Need Help

Need Help

#1 User is offline   rocket2247 

Posted 10 September 2008 - 10:19 AM

I hope someone can help. I am new here. I have 2 issues:

My parents asked me to look at their computer because they were getting a lot of popups and the computer was running really slow. Anyway, when I looked at their desktop there is a window open that says something along the lines of "you have viruses on your computer", "click here to remove them". Anyway, not that I would click that, but I can't even close the window, nor can I even click the option to fix the virus. It seems like it is a frozen window. There is nothing showing up in the task manager either. I would like to know how I can fix this.

Also, they have a crappy antivirus on their computer, and so I was going to download AVG for them, but I am having problems uninstalling the one they currently have. When I try to uninstall from Add/Remove Programs, an error message pops up not letting me uninstall it. It's that error message you get from Microsoft every once in a while that gives you the option to send an error report. So then I try to go into the antivirus folder on the C drive and uninstall with the uninstall option in the antivirus folder, and the same error message comes up.

Can someone try to help me? I would appreciate it.

#2 User is offline   hamluis 

Posted 10 September 2008 - 10:31 AM

Hi.

Whose window is it that opens? Any product identified? Who/what is responsible for the "alert"?

What AV program is currently installed? Did it provide the window?

Louis

#3 User is offline   rocket2247 

Posted 10 September 2008 - 10:37 AM

The AV is "windows xp antivirus 2008". I don't really think it is an anti-virus, I think it is some kind of malware. And I believe that this is the program responsible for the frozen window on the desktop. Also, the computer now won't let me do a system restore. It is showing that there are no restore points to go back to.

This post has been edited by rocket2247: 10 September 2008 - 10:42 AM


#4 User is offline   Queen-Evie 

Posted 10 September 2008 - 10:45 AM

xp antivirus is 100% malware.
That is what's causing popups and the other issues.

Because the system is infected, and you specifically mentioned xp antivirus 2008, I will inform the moderators to move this post to Am I Infected?

Someone will assist you in cleaning your parents' computer.

This post has been edited by Pandy: 10 September 2008 - 11:14 AM
Reason for edit: Moved to the Am I Infected forum~Pandy


#5 User is offline   rocket2247 

Posted 10 September 2008 - 12:37 PM

Sorry for posting in the wrong section. I hope someone can help.

#6 User is online   quietman7 

Posted 10 September 2008 - 01:28 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7 User is offline   rocket2247 

Posted 11 September 2008 - 08:08 AM

I get to the point where it is removing the infected files, but it stops and an error message pops up saying "out of memory" and the program closes. Now what do I do? I saved the log before I started the removal. It seems really long, I pasted it into Word and it is 179 pages so I don't think I can paste that into here. Please someone help. I am doing this all in "safe mode" as it is the only way that the computer can function at all now.

Here is the beginning of the log:

Malwarebytes' Anti-Malware 1.28
Database version: 1137
Windows 5.1.2600 Service Pack 2

9/11/2008 9:00:15 AM
Log1

Scan type: Quick Scan
Objects scanned: 174012
Time elapsed: 33 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 201
Registry Values Infected: 8
Registry Data Items Infected: 2
Folders Infected: 171
Files Infected: 2527

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

This post has been edited by rocket2247: 11 September 2008 - 08:29 AM


#8 User is online   quietman7 

Posted 11 September 2008 - 09:41 AM

I don't believe I have ever encountered a MBAM log that detected over 2500 infected files.

There are no shortcuts or guarantees when it comes to malware removal. Sometimes it takes several efforts with different or the same tools to do the job. Even then, some infections can be difficult to remove because of their morphing characteristics which allow the malware to regenerate itself.

Reboot, rescan again with MBAM (Quick Scan) in normal mode if possible and check all items found for removal. Don't forget to reboot again afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

#9 User is offline   rocket2247 

Posted 11 September 2008 - 11:54 AM

Restarted computer in normal mode and ran the scan again. Same result. When trying to remove the infected items, an error message pops up saying "out of memory".

#10 User is online   quietman7 

Posted 11 September 2008 - 12:03 PM

Let's try this instead.

Please print out and follow these instructions: "How to use SDFix". <- for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights".
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • The SDFix report log (Report.txt) will open in Notepad and automatically be saved in the SDFix folder.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
