
Some sort of virus blocking windows installer and making my computer freeze during login with normal mode.


4 replies to this topic

#1 Guest_Neven123_*


Posted 23 June 2009 - 09:45 AM

I've been battling this virus for a while. Malwarebytes' doesn't work. I'm trying to install SUPERANTISPYWARE but it says 'the system administrator has set policies to prevent this installation'.

I've tried renaming the file to 'gfd.bat'. That didn't work. I unblocked it from the firewall. Nothing. I also tried using the Windows Installer Clean Up utility. That wouldn't work because it too displayed 'the system administrator has set policies to prevent this installation'. My computer is really slow outside of safe mode, to the point I can't log in with safe mode. I don't know what to do. I used Malwarebytes' and that has helped me in the past; now it isn't working. I thought SUPERAntiSpyware would do the trick, as in the past it was the most reliable one for me to use. Now I can't even install it.

*EDIT* Also tried using regedit

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Edited by Animal, 23 June 2009 - 11:21 AM.




#2 boopme


Posted 23 June 2009 - 12:05 PM

Hello and welcome. Please run these next. If you have Spybot installed, temporarily disable it.
Next run ATF:
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

#3 possumbarnes


Posted 23 June 2009 - 12:06 PM

I've come across this when cleaning up some customers' computers. The easiest way I've found is to remove the hard drive, hook it up as an external hard drive on another computer, and scan that drive with MBAM. A quick scan usually cleans up enough of the junk that it will now boot in its original computer (however, if it still won't boot, hook it up externally again and scan it with a full MBAM scan and a quick SAS scan, then move it back to its home computer). Once it's back home, run MBAM again (since the drive is now the boot drive). Once MBAM has finished its second time, SAS will normally install with no issues then.
What's more irrational--a guy who believes in a God he cannot see or a guy who is offended by a God he doesn't believe in?

#4 Guest_Neven123_*


Posted 23 June 2009 - 01:07 PM

I've added to the registry to make Windows Installer work with safe mode. Computer seems clean but when I log in my desktop wallpaper shows up and the computer freezes.

Malwarebytes' Anti-Malware 1.38
Database version: 2325
Windows 5.1.2600 Service Pack 3

6/23/2009 1:14:41 PM
mbam-log-2009-06-23 (13-14-41).txt

Scan type: Quick Scan
Objects scanned: 120374
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Neven123, 23 June 2009 - 01:15 PM.


#5 Zllio


Posted 28 June 2009 - 02:38 AM

Hi Neven,

Are you still waiting for help? Your thread seems to have gone under.

Zllio



