I'm in urgent need of help, I can't do anything with my laptop.
About 20 days ago, while helping my son do research on gambling and addiction for his final, I was infected by visiting one of the gambling sites. The infection would not let me run adaware, spybot sd, ccleaner, it wouldn't even allow me to use System Restore. If I tried to search using Google, Yahoo or Bing on IE or Firefox, I was automatically redirected to whatever it wanted to send me to. I happened to also have Opera, and luckily that was immune to the redirects, so I searched for and downloaded Malwarebytes.
It would not allow me to install it though. So I downloaded it again and changed the name. By doing that, I was able to install and run it. It found 30 or so things, and I removed them. But there were 2 that it could not remove, it said that it would remove them on reboot. One was iexplore and the other might have been userinit (or a shorter name that started with a U). So I rebooted, and ran Malwarebytes again, but the one infection that started with the U was still there.
It didn't bother me too much.
But after a few google searches using Firefox (I couldn't use IE at all without being redirected), the redirects would start again, but all I had to do was run Malwarebytes, it deleted all but that one infection and then I'd be sort of okay again. But then yesterday, suddenly Opera was affected by the infection and I couldn't search when using it without being redirected. I ran Malwarebytes again, but I couldn't search on Opera or IE without being redirected, but Firefox was okay for the moment. I closed my windows, set my laptop down, went and got a drink and came back to a black desktop with big red letters warning me I had been infected and System Security 2009 was "scanning" my laptop. I tried to open taskmanager to close it, but got a little balloon telling me I couldn't run it cuz it was infected.
I then tried spybot sd, adaware, ccleaner, malwarebytes, System restore, add/remove program, all got that stupid little bubble in the lower right corner telling me that they were infected and couldn't run. I even tried to run msconfig, but it said it was infected. I couldn't launch IE, it immediately closed. I couldn't launch Firefox, because it said that Firefox had crashed and would attempt to restore my tabs, but every time I tried, it failed to launch. But I could use Opera, it was a little slow, but I could use it. Using search engines was out though, when I tried, I got redirected.
I happened to have malwarebytes, adaware and spybot sd on a usb drive, so I thought I'd try running them from there, but it didn't work. So when I tried to "safely remove" my usb, I got a windows XP error notice popup and suddenly the infection stopped "scanning" and shutdown. I was now able to run malwarebytes...or so I thought. It would run for awhile, find issues, then it would become unresponsive. I tried it 5 or 6 times, but it never finished running so I could remove the issues. So I thought I'd shutdown and try again later....big mistake. When I did try and start the laptop, it would turn on, launch XP, then it would flash quickly on a blue screen that said something like windows was shutting down to protect my computer and it was beginning dump. It kept doing that over and over. I tried to launch safemode, but I couldn't. It would start to launch, the screen would fill with a bunch of win 32 messages, then it would flash quickly to the blue screen that said something like windows was shutting down to protect my computer and it was beginning dump. I was never able to load XP again.
So I decided to run dban, reformat the drive and reinstall XP. Once XP finished installing, I updated to sp 2 and suddenly while it was updating, the black desktop with big red letters warning me I had been infected and System Security 2009 was "scanning" again. I ran msconfig and disabled all but the systray on startup, rebooted and when it came back, the black screen and red letters were gone, but System Security 2009 started "scanning". I no longer have Malwarebytes on the laptop and can't run anything without getting that stupid little bubble in the lower right corner telling me that whatever I was trying to run was infected and couldn't run it.
I'm really stuck. Being infected was bad enough, but to wipe the drive clean, only to have the virus/infection return is unbelievable. Especially since I can't install any type of removal tool, and since I can't install anything, I can't give you a HJT log or anything else.
I'd hate to have to wipe the drive again, mainly because it didn't work the first time I wiped it.
I don't know how you can do it, but any help that you can provide is greatly appreciated.
I'm running win XP Pro sp2
*edit...I just found my notes, the one infection that could not be removed at all by Malwarebytes was uacinit.dll (not userinit.exe as mentioned above)
Edited by nbdl, 25 June 2009 - 09:55 PM.