I am a new member and I hope you can help me to resolve this nasty problem.
I have encountered this virus in the past and by using Malwarebytes program it was able to remove the virus, however, this time around it is much more difficult. I was able to open the Malwarebytes program to scan the computer and remove most of the infected items when the computer is not connected to the internet. However, as I rebooted the PC each time and ran Malwarebytes again, there is always the same three items that seem to be never able to be deleted by Malwarebytes' program.
Registry values infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntivirusDisableenotify (Disabled.SecurityCenter) -> Bad: (1) Good (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Firewalldisablenotify (Disable.SecurityCenter) -> Bad: (1) Good(0) -> Quarantined and deleted successfully.
With the task manager window opens I can see the virus is rebuilding itself once I connect the PC to the internet. An program call 923.exe or something similar will appear in the Processes tab under Windows Task Manager. The virus executable program appears in the Processes tab has a different name each time it appears when you reboot the computer. By terminating the process of this executable program, I was able to stop the full blown installation of this virus in the computer. Then when I ran Malwarebytes program again, I get a large number of infected items and their numbers vary depending on how fast I can pull the plug on the executable program.
I then read up on another similar topic in this forum under "Advanced Virus Remover Disable programs/....... etc" by Bloggermom and I try to follow the instruction of downloading the ATF-Cleaner and SuperAntiSpyware program and then try cleaning my computer. But now I can't even start the computer into Safe Mode. It gave me a message that my computer has a virus and windows can not open. I am able to boot into the normal window but I can't run the CHDSK command.
At this point I am at a loss on what I can do next
I am posting this message with the use of my MAC laptop and I hope someone can help me to resolve this issue.
Thanks in advance