Privacy components at boot

Help! This one is ugly and I've done a bunch of searching on the net and I can't get answer for how to fix this problem.

My daughter-in-law clicked on a fake spyware warning and installed a nasty bit of malware called "Privacy Components". This software appears to be "hostageware" as you can't boot the computer anymore, either regularly, or in safe mode without the Privacy components screen appearing and demanding that it be registered for $49.95. You can not access any Windows components except the default browser. I have brought this computer home to try to fix, but I will not connect it to my personal network to avoid infecting 4 other computers.

I can't put in the requisite Hijack This log because it can't be installed on the infected computer because I can't get past the damn malware screen.

This is some nasty stuff. I could do a manual removal of the components and edit the registry to remove those, but I can't get past the fake "you're infected" screen that demands the money to "register" the malware.

Like I said, booting to safe mode is not an option. The exact same thing happens in safe mode as well as a normal boot up.

::::Update: Cntl-Shift-Escape does not work to enter the process manager.::::

Thanks in advance!

Edited by hometechguy, 11 February 2009 - 05:14 PM.

This rescue disk has some tools on it that can help to get you to where you can get online for other tools
Avira AntiVir Rescue System

http://www.free-av.de/en/tools/12/avira_an...cue_system.html

This rescue disk has some tools on it that can help to get you to where you can get online for other tools
Avira AntiVir Rescue System

http://www.free-av.de/en/tools/12/avira_an...cue_system.html

Mike, thanks for the heads up. First thing I did was a scan. Took two hours and it couldn't "fix" anything. So.... After the scan I decided to check out the command line interface and the software locked up. I'm going to reboot the computer with the disk and we'll see if I can get to the internet with it.
"
::::UPDATE: A reboot of the computer using the Avira Disk still locks up when I attempt to click on "Commandline". All I can is scan the computer with this program and it doesn't seem to remove anything.::::

Got any specific suggestions on how to use the rescue system disk?



Jim

Edited by hometechguy, 11 February 2009 - 08:16 PM.

The reason I recommended that specific disk is it's easy to download and run.
A much better one is UBCD:
http://www.ubcd4win.com/
It has quite a few A-V and malware tools:
http://www.ubcd4win.com/contents.htm
The only thing is you need to make the CD bootable. That means you need to burn an ISO
There are instructions on the site to tell you how to do that
I'm the first to admit I don't know everything, but with your problems that's all I can think of other then reinstalling the OS

We can also try this:

Turn on your computer, in Normal mode
Right-click on the bottom of the screen and Open Task Manager
Click on the applications tab and end the process
Open task Manager again and click on the New Task button
Type in - explorer.exe - and click OK
You should now be able to download and run mbam



thanks pete c

We can also try this:

Turn on your computer, in Normal mode
Right-click on the bottom of the screen and Open Task Manager
Click on the applications tab and end the process
Open task Manager again and click on the New Task button
Type in - explorer.exe - and click OK
You should now be able to download and run mbam



thanks pete c

Sorry I've not responded earlier. Real life intrudes on my computer fixing hobby. Anyway, I finally got by the hijackware by using safe mode with the command prompt. I used the command prompt to run MSCONFIG to alter the startup menu and then went to programs and deleted things like agent.exe that many sites on the net said to remove.

That got me by the opening screen on a reboot into safe mode, only to discover that he'd been surfing for porn and items like that with only Windows Defender running on the system. No antivirus or anything else was on it, just the basic windows firewall and defender. That didn't bode well. Turns out he'd never updated it either and it had all the holes in Vista and Office never patched.

I got the computer connected to the net and got AVG and Spybot installed and ran the scans. More crapware (zlob and about 20 others) was installed than you can imagine. I deleted everything those found and and installed Ad Aware as well and scanned with it. More malware was found and deleted. Did an online scan from Kapersky and that came out clean.

Unfortunately, some part of the process, either the malware installation or deletion corrupted something in windows. The computer would lock up after running for about an hour and a half. I spent most of the last two days altering the processes and startup configuration (Going from nothing to the point where something would cause it to lock up) and discovered that I couldn't replicate the lockup by using any combination of startup items or services....

Oh well, I've had enough of this. At least I could now get the computer to run for long enough to back up the important stuff and do a system restore from the Toshiba disks, so I just finished restoring the computer to it's brand new configuration, installing hours worth of updates from Microsoft, added AVG 8.0, Spybot, Ad Aware, and Zone Alarm. He'll get the computer back with a working knowledge of how to use those 4 programs to protect his rear end when he chooses to satisfy his carnal desires via the internet. ;-)

Thanks for the help. Too bad I didn't get to try the stuff you suggest, but maybe next time. I've still got a 14 year old and an 11 year old using computers at home.