Anyway, my computer is a Presario, about 5 years old, supposedly 100 GB hard drive, I have 2 GB RAM, Windows XP Home edition, service pack 3 installed.
A couple days ago, an Avira alert came up while online. As usual, it defaulted to the ‘deny access’ option, which I did. Another alert came up immediately after that with the same option, which I clicked. I do not recall if I closed my browser at that point, or if it closed itself, but after that happened, I had no icons (except for ‘trash bin’, ‘MS Explorer’, and ‘Firefox’) on my desktop. And going into my files from ‘My Computer’, the only folder listed on the hard drive was ‘programs’, and in that folder the only file listed was an old, disabled ‘Zone Alarm’ file.
My hard drive still shows that about 28 GB are used, and 58 GB are free when checking properties. When I use the XP search function, it will find the folders and files, but they will appear dimmed, and when right clicking them to explore, explorer will open that folder and show it empty. So I am unable to access any existing files on my computer. Also, on my start menu, the ‘All Files’ option shows completely empty, except for a couple programs that were downloaded after this occurred.
I can get online, Firefox, I.E., Thunderbird, Word, and Wordpad are accessible and functioning. I did download ‘Iobit Security 360’ from C-Net. It did install and run, and found some threats, but the problem still exists. Any new programs downloaded are accessible, but none of my old ones are. I also downloaded ‘Ad-Aware’, but it would not install as it said it could not access ‘Visual C++ Runtime 9 Service Pack 1’.
Since this happened, I have only run in 'Safemode with networking'.
Also, I cannot open ‘Avira’ to get updates, but it will scan the hard drive when told to do so through the right click menu on my hard drive. And as I watch the scan, it does go through all the old files on the drive.
In ‘Control Panel’ I found ‘Anti virus 2010’, I suspect it is malicious, but the above mentioned security seems to ignore it.
When an uninstall of it is attempted through add and remove, a ‘Run Installation Program’ box appears and states “..An error occurred while trying to remove Antivirus 2010. You do not have access to \\globalroot\systemroot\system 32\userinit exe. You can specify the new uninstall program below..”, which gives a browse window to pick a program, but since I can’t access any programs, it will only browse the programs I have downloaded in the last couple days.
I ran ‘Rkill’, and then by changing MBAM’s name, was able to run it, and it found these:
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\czlsibcevumxmskfuyaxTaskMgr (Hijack.TaskManager) -> Value: czlsibcevumxmskfuyaxTaskMgr -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ehclocyj (Trojan.FakeAlert.Gen) -> Value: ehclocyj -> Quarantined and deleted successfully.
Files Infected:
c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP1754\A0476489.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
I rebooted in ‘safemode’, but still have no old files showing up. Everything is basically the same: ‘Anti Virus 2010’ is still listed in ‘Add and remove’, and I can’t update or install Avira, I can only run it off the right click drop down.
Should I reboot out of safemode at this point?
Any ideas?
Thanks, and sorry for posting an essay.
This post has been edited by kerk: 17 April 2011 - 09:23 AM
Reason for edit: Moved from XP to Am I Infected.