BleepingComputer.com: Malware Defense Problem

Hello and Thanks in advance!

Running xp

Got a popup that mentioned 'malware defense'. I immediately unplugged the ethernet. Tried to run spybot, but no go. rebooted, but xp would hang up at the welcome screen.

Booted up in safe mode ok. Tried to run spybot, but no go. Tried to run tdsskiller, but it would not run. Tried to run malware bytes, no luck.

Any ideas? Oh I'm in trouble.

http://www.bleepingcomputer.com/virus-remo...malware-defense

Louis

Thanks for the prompt response. As I indicated, I cannot boot up to xp, and programs, such as the one you recommended, will not run in safe mode.

Anybody else have any ideas?

Edit: Spoke too soon. More later. Sorry.

This post has been edited by fastsigns: 04 February 2010 - 02:11 PM

rkill seems to run. The log file shows nothing found, and then a xp type message comes up that indicates the 'you are working in safe mode. select ok to go into safe mode or 'other' to go to restore'.

if I click on safe mode, then I get back to the desktop and malware install will not run.

Thanks in advance!

You are following the instructions which were so carefully written?

Louis

This post has been edited by hamluis: 04 February 2010 - 02:57 PM

Thanks Louis.

Sorry for being an #ss. I missed the rename to explorer.exe part.

I was unable to run 'get updates' as I do not have an internet conn on that machine. I am running a scan now.

Thanks!

Got an internet connection on the machine and got updates for malwarebytes. Ran it, it requested to reboot, started to come back up, then froze up in the same spot as before, at the welcome screen.

Log indicates that 5 found items were quarantined and deleted.

Shall I revert back to an old restore point?

Thanks for all your help!

That's a decision that you must make.

The problem that I see with restore points...is that you have no idea whether such will go past the point of infection...and it's not guaranteed that you can even use the System Restore function successfully.

You can either try that...or follow the suggestion included in the Removal link I provided:

""If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Posting A Hijackthis Log" (this is not a link, the functional link is in the Removal Instructions mentioned).

If you decide to go the route listed in the Removal Guide, bear in mind that the log will be posted at that malware forum and all further instructions will come from the designated helpers at that forum.

Louis

Thanks, my friend. I will wait to do a restore.

I ran malware bytes several times in safe mode and it come up clean.

I can boot up to a normal desktop from the cd, but it hangs at the welcome screen without the cd. Strange. Can I use the fixboot command?

Also, when I look at task manager, iexplore.exe's keep popping up, with up to 3 running. Also even after uninstalling and reinstalling spybot, it still won't work.

Oh me oh my! Have I given you any more clues?

Any help is appreciated.

Well...users seem to have a conception that removal of an infected file or files...is all that is necessary to make a system healthy again.

I don't take that view, since any file that was damaged during the infection or removal of same...will continue to be damaged post such removals.

For advice on malware items, you really need to visit one of our malware forums. They have the knowledge and skill to deal with such and I would not expect to find it here in the XP forum (no matter how knowledgeable some members are).

FWIW: An instance of iexplore.exe should appear in Task Manager for every instance of a window being open, plus or minus one, in my experience. I have 3 windows open in IE right now and I have 3 instances of iexplore.running. Note that I did not say iexplorer.exe, which is a malware item.

Louis

Thanks for the input!

With regard to my system unable to boot up (only boots with xp cd in drive), do you think I should start by running a bootcfg /rebuild in the recovery console?