Please help me with "Advanced Virus Removal" software!! Cannot even load windows!!


  • This topic is locked
9 replies to this topic

#1 *angels

*angels

  • Members
  • 9 posts

Posted 27 September 2009 - 10:31 AM

This is the second time this virus has infected my computer. Even from the first time my PC was infected I knew it was a fake and took several measures to remove, delete, and prevent it (I consider myself to have a moderate amount of know-how), but it keeps re-appearing, re-installing, and taking over my PC. It disabled my task manager, and took over just about everything - even changing my background to this ugly text image and disabling my ability to go in and change the background. Well, at the time I didn't think it was much of a big deal because I had backups of my PC stored on an external hard drive and I would simply format it and reinstall everything.

Wrong! Well, it turns out the virus also disabled and removed every driver I had - I mean, when you format something it should go back to the basics, back to factory settings. Well, my PC was restored to below factory settings. There was no sound, it couldn't recognize USB plugs in the devices, couldn't recognize the wireless, no browsers, nothing! All it had was the trash can! I had the CDs to put back in a few things but even then it was not right. I was still missing a ton of stuff and had to make several phone calls to the manufacturer, tech support, etc. It was a nightmare. Finally got a guy to come and repair it for free since it was under the last few days of warranty. Went to go retrieve my backup files to find they were only HALF there, if that. I do a lot of work with 3D modeling and programming and my work is all gone! I am so furious.

So this time around when it got me a second time (I have McAfee and AVG, just so you know), I immediately recognized it and tried to remove it again. No dice. I tried to look up how to remove it online, but all my searches were BLOCKED and redirected. So I swear, I don't even take ONE minute to go to a different computer, look up how to remove it, download a program on a USB drive to get rid of it, come back and my PC has restarted itself. Wonderful, I know exactly where this will lead me. It takes forever to load and Windows XP doesn't even come up. Sometimes it just shows my old background and doesn't do anything else - still won't let the task manager up, start bar doesn't appear, nothing. It's just my old background. Most of the time now I get something entirely different and it's another fake warning screen with the 'list of infected trojans/viruses/etc' asking for payment, etc. And when I close out those boxes, it's just the giant ugly text background trying to scare me into buying their scam. I can't access anything! Not even the command prompt! Safe mode doesn't work, neither does trying to debug it. When I try to go into recovery mode it crashes because my screen says some file is missing, removed, or blocked.

I don't want to have to format my PC again because of the hassle I went through last time. Not only that, it is no longer under warranty. That and I haven't made a backup file recently. Last time I was only able to recover about half of what I had but this time I won't have anything! I thought about going to a repairman but I don't want them to charge me for a diagnosis and then tell me my only option is to format when I can do that myself for free. I really need some help and advice! I am so tired of this thing! It's ridiculous because I don't even look at porn or download things like mp3s, games, etc. I was just reading an article on Ben Barnes! Can't a girl get any peace? This is just way out of my hands and any advice or help or anything would be really appreciated.


 


#2 *angels


Posted 27 September 2009 - 08:46 PM

update - i figured out that if i shut down my wireless on the laptop before logging in as the administrator, i can get windows to load and my background gets kind of an 'error' message saying it deactivated my desktop. i can access programs, and i don't get all the pop-ups and annoying messages until i turn the wireless on. i thought i was lucky because i had the malware removal program on my flash and was able to finally install it.

unfortunately that is not the case. while everything uploaded fine, as soon as i run the full scan on my laptop, it literally counts up to 3 seconds, gets shut down, and then uninstalled. afterwards i get annoying pop-ups again - even if my wireless is disabled.

also, 'advanced virus removal' has seemed to rename itself to "total security".

any feedback for my situation would be greatly appreciated. thanks.

#3 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio

Posted 27 September 2009 - 09:25 PM

We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

----------------------------------

Please note: If RootRepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High.

Also try: right-click on rootrepeal.exe and rename it to tatertot.scr
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#4 *angels


Posted 28 September 2009 - 09:47 AM

Ok did that and the first two times i ran it, everything froze so i had to restart my laptop. third time it never got to finish because it was shut down midscan and then uninstalled. the virus left a 'shell' program on my laptop and when i try to reinstall or delete it i get a message saying it's locked/protected. tried to rename it and it won't let me. renamed the file on my flash drive to what you told me to but now my laptop isn't recognizing my flash drive anymore.

#5 garmanma


Posted 28 September 2009 - 07:05 PM

USE THIS ONE

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report for me to review.
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.

    --------------------------------------
Go to Posted Image > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.
Mark

#6 *angels


Posted 30 September 2009 - 11:46 PM

i can't, my laptop won't open anything on it anymore. it doesn't recognize my flash drive, i can't get the explorer to open up, and nothing comes up when i try to click a tab under the start menu. i can still move my mouse around and highlight and select things but nothing happens when i click on it.

#7 garmanma


Posted 01 October 2009 - 04:56 PM

Can you boot into safe mode?
Mark

#8 *angels


Posted 01 October 2009 - 10:01 PM

surprisingly, yes i did manage to get into it somehow (it wasn't working before), and i ran that last program you posted.

i got an error message that read like this:

ERROR OCCURRED!
---------------------
Windows Version: Windows XP SP 2
Exception Code: 0xc0000005
Exception Address: 0x00402415
Attempt to write address: 0x00000000

After hitting "ok" i got a pop-up from Windows. It's the normal 'an error has occurred' pop-up asking me to send in a report to Microsoft to tell them about the problem or skip it. it did make a text file like you said but i never got the 'finish/press any key to exit' so not sure if it finished when it made the report. anyway this is what i got:

Running from: H:\Documents\Win32kDiag.exe

Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB890046\KB890046

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP176.tmp\ZAP176.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21D.tmp\ZAP21D.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP300.tmp\ZAP300.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Installations\Macromedia Contribute 3.11\Macromedia Contribute 3.11

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\InCD\InCD

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\inf\ASM\ASM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA330100007706000000000020\7.0.0\7.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

[1] 2004-08-04 22:00:00 743936 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe ()

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\helpsvc.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\repair\Backup\BootableSystemState\BootableSystemState

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\repair\Backup\ServiceState\ServiceState

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\setup.pss\setupupd\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\10\policy\policy

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\51\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\51\policy\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\policy\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\60\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\70\70

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll (Microsoft Corporation)

[1] 2004-08-04 22:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2004-08-04 22:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\Temp\hsperfdata_SYSTEM\1404



ERROR OCCURRED!

------------------------------
Windows Version: Windows XP SP2
Exception Code: 0xc0000005
Exception Address: 0x00402415
Attempt to write to address: 0x00000000
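
A triage parser for the Win32kDiag.txt report pasted in the post above, added here as an example; it is not part of the original thread and is not code from the Win32kDiag tool. The line formats are inferred from that log, reading the trailing parentheses as a vendor string is an assumption, and the sample input is a constructed excerpt in the same format.

```python
import re
from collections import Counter

# Constructed excerpt in the format of the Win32kDiag.txt log in the post above.
SAMPLE_LOG = r"""
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\sample\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 22:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()
Cannot access: C:\WINDOWS\Temp\hsperfdata_SYSTEM\1404
ERROR OCCURRED!
Exception Code: 0xc0000005
"""

MOUNT = re.compile(r"^Found mount point\s*:\s*(.+)$")
DEST = re.compile(r"^Mount point destination\s*:\s*(.+)$")
DENIED = re.compile(r"^Cannot access:\s*(.+)$")
# "[n] date time size path (vendor)"; reading the parentheses as the file's
# vendor string is an assumption drawn from the log, not from tool documentation.
COPY = re.compile(r"^\[\d+\]\s+\S+\s+\S+\s+(\d+)\s+(.+)\s+\(([^()]*)\)$")


def parse_win32kdiag(text):
    """Turn the log text into mount-point pairs and per-file copy listings."""
    report = {"mounts": [], "denied": {}, "crashed": False}
    pending = current = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := MOUNT.match(line):
            pending, current = m.group(1), None
        elif (m := DEST.match(line)) and pending:
            report["mounts"].append((pending, m.group(1)))
            pending = None
        elif m := DENIED.match(line):
            current = m.group(1)
            report["denied"][current] = []
        elif (m := COPY.match(line)) and current:
            size, path, vendor = m.groups()
            report["denied"][current].append(
                {"path": path, "size": int(size), "vendor": vendor})
        elif line.startswith("ERROR OCCURRED"):
            report["crashed"] = True  # the tool faulted, so the log is partial
    return report


def triage(report):
    """Summarise what a reviewer reads first in the report."""
    no_vendor = [c["path"] for target, copies in report["denied"].items()
                 for c in copies
                 if c["path"].lower() == target.lower() and not c["vendor"]]
    return {
        "mount_destinations": dict(Counter(d for _, d in report["mounts"])),
        "denied_files": sorted(report["denied"]),
        "denied_without_vendor": no_vendor,
        "incomplete": report["crashed"],
    }


if __name__ == "__main__":
    print(triage(parse_win32kdiag(SAMPLE_LOG)))
```

The summary counts how many directories resolve to each mount-point destination and lists the inaccessible files whose in-place copy carries no vendor string, alongside a flag that the log ended in a crash and is therefore partial.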



#9 garmanma


Posted 02 October 2009 - 06:53 PM

Now that you were successful in creating those two logs you need to post them in our HJT forum:
First, try to run a DDS / HJT log as outlined in our preparation guide:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
If it won't run, don't worry, just give a brief description and tell them that these logs were all you could get to run successfully.
Post them here:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

The HJT team is extremely busy, so be patient and good luck.
Mark

#10 *angels


Posted 04 October 2009 - 08:42 PM

thanks for your patience and the replies. i appreciate the help. i have posted as you instructed. as you expected the dds program didn't work, but i posted that log. thanks again.



