Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Infection actively curtails all attempts at removal

  • Please log in to reply
No replies to this topic

#1 dtvpala


  • Members
  • 1 posts
  • Local time:05:35 PM

Posted 09 July 2009 - 05:25 PM

Hey, I've got a rather disturbing virus lodged in my system. At first it looked like just another one of those fake Spyware programs but soon after I started taking steps to remove it, I was inundated with multiple infections as well as a desktop hijack that changed my background to some weird message in broken english about how spyware will "break my life". Soon after all of my anti-spyware and virus programs shut down, Explorer crashed and anytime I attempted to access folders on my computer it would crash again. I'm unable to access the control panel, start menu, task manager, command prompt or any web browsers. ComboFix spontaneously deleted itself (though I suspect it was the virus that nailed it). Safe Mode causes a system crash. The only thing I seem to be allowed to do is stare at the fake spyware program while it throws ads at me. Is there anything I can do short of trying to salvage what data I can and starting over?

So far I've been able to log in and operate on the computer's Guest Account without too many issues, but I can't seem to run any anti-spyware programs from it. I've noticed in the task manager several processes have been duplicated which I assume are part of the infected files with process names such as "taskmgr .exe" or "AAWService .exe", they all have a space between the name and the file extension. I've also located a number of files created today in my system32 folder that I can't delete. Are there any other places I should look for cleaning out suspicious files?

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users