Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


virus shutting down computer when running Avira and will not let me boot in safemode

  • This topic is locked This topic is locked
3 replies to this topic

#1 mgs3


  • Members
  • 3 posts
  • Local time:07:32 AM

Posted 14 July 2009 - 08:59 PM

I few weeks ago I got hit hard by some kind of virus when trying to watch a "Top Gear" episode/video on a car site that required downloading a minerva torrent. The other members of the car site were I got the link were not infected when doing this except one person had something that tried to install but was blocked. One of the main ones that came up was Trojan SHeur2AMPY and Generic 13BLTA. I was unable to stay in safemode to try to run scanners. It would go into the menu after hitting F8 but when I would select what type of safemode I wanted(networking, etc) it would say it had a problem and could not do it. I ran a bunch of scans with AVG, Spybot, Yahoo antispy, Malwarebytes, Windows malicious tool in regular mode, and downloaded Avira. It seemed to clear most of it up but every so often Spybot and Spywareblaster would show 2-4 sites without protection when I would check them and I still can not scan in safe mode but aside from being a little slower then normal the computer has run fine for a couple weeks after doing all the scans.

Today the computer has a bunch of things on it, when I run Avira it shuts the computer down as soon as it starts scanning, with AVG it reports a bunch of different infections of Trojan BackDoor Generic 112ND but AVG will not let me remove any of them, it says "cannot be removed by standard user rights, Do you want to remove threat as power user?" and after selecting yes it still won't let me, it is completely useless, Spybot got something called Win32.Agent.p2, Yahoo anti spy got Kollah ADV and SillyDI GYI but it would not remove them either saying an administrator had to do it or I am unable to do it. I reinstalled Avira but it still shuts the computer down as soon as it starts scanning. Can't stay or scan in safe mode either like before. When I do searches on Yahoo and it comes up with sites including Bleeping Computer usually when I click on it, it will take me to some sports, electronics, odd search site, etc which I know are shady. Nothing really looks all that fishy on Hijack when I ran it and I don't see any fishy programs on add/remove programs.

A few months ago I did install an older harddrive from a dead computer that was clean to intall some files on this computer and had to go into a few startup modes and tinker to get it to work. I possibly could have done something that is messing with staying in safemode but I think it is the virus not letting me to scan in safe mode. My system is Windows XP.

What should I do? Can I dowload and run those programs like super anti spyware and some of the others recommended on this site in normal mode instead on Safemode?

BC AdBot (Login to Remove)


#2 mgs3

  • Topic Starter

  • Members
  • 3 posts
  • Local time:07:32 AM

Posted 15 July 2009 - 12:55 PM

Now when I download Dr. Web Cure It and try to run it I get some Microsoft error that it encountered a problem and it asks me if it wants to send the information to Microsoft which I decided not to. Not sure if what it is but this virus has rendered AVG useless (or maybe AVG is just useless because it did not stop the virus and won't let me get rid of it)because it will not remove the 106 Trojan Horse Backdoor Generic1123NE it found for some reason(it says it cannot be removed by standard user rights and if I want to remove as a power user and it still won't do it when I choose that). When I try to run Avira it shuts down my computer as soon as it starts scanning. Malwarebytes only finds Trojan.TDSS now in which it keeps coming back. Spybot only found Win32.Agent.P2. SuperAntiSpyware found a few things in the first scan but now does not find anything.

Any advice?

#3 snowdrop


  • Members
  • 513 posts
  • Local time:07:32 AM

Posted 15 July 2009 - 01:04 PM

Welcom to this forum :thumbsup:

Could you please clarify---do you have both AVG8.0 antivirus AND Avira Antivirus programs installed on the computer :trumpet:

I note you say you have Spybot on there ?Do you have Spybot's Tea-Timer enabled?

We could do with seeing the reports FROM the Malwarebytes and Superantispyware programs to check out for you if you can retrieve them please :flowers:

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,009 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:32 AM

Posted 19 July 2009 - 12:01 AM


Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/242448/virus-shutting-down-avira-redirecting-to-shady-sites-wont-let-me-stay-in-safe-mode/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond. Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users