
At my wits end..


3 replies to this topic

#1 charlatan


Posted 26 October 2009 - 09:38 PM

So a few weeks ago, I managed to pick up some nasty trojans/malware, and I have been unable to get rid of them. What makes this completely frustrating is that I am unable to run any kind of antiviral software (except for McAfee on-access scan which for some reason does start up and work) or even run HJT - not even in safe mode or by changing file names. When I try, I get "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." I should also mention it was denying me access to my Task Manager but I managed to get around that. Antiviral software (MalwareBytes, Spybot S&D, etc.) that I do manage to install and run will normally be terminated within a few minutes, and then not restart again (I get the message mentioned previously). I have also noticed when starting up in safe mode, there is an "Administrator" account that I don't recall being there before (it could've been though, since I couldn't tell you the last time I entered safe mode before this month), and is not visible when I boot up my computer normally.

I had/have the AntiVirus Pro 2010 thing going on.. now it's an Advanced Virus Remover (PAVRM.exe), but it gets terminated shortly after start-up. My links in search engines are being hijacked, and I was (until very recently) getting lots of pop-ups. But those have stopped within the last few days. I'm a college student, so I'm very reluctant to drag my PC over to my school's IT department because I wouldn't get it back for at least a week and that's not really an option for me. If anyone has any advice or something else I could try, I would really appreciate it..

I am running Windows XP Professional.

Thanks!

Edited by charlatan, 26 October 2009 - 09:59 PM.




#2 garmanma


Posted 28 October 2009 - 09:07 PM

After running this application your scan tools should work


Please download Rkill by Grinler and save it to your desktop. (Link 2, Link 3, Link 4)
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer or you will have to run it again


============================

Also run


We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

----------------------------------

Please note: If RootRepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High.

Also try: right-click on rootrepeal.exe and rename it to tatertot.scr
Mark

#3 charlatan


Posted 03 December 2009 - 08:42 PM

Wow, I'm really sorry.. I never got an e-mail that I got a reply to this thread and I kind of just forgot that it existed. I'll get back with a report asap..

Edited by charlatan, 03 December 2009 - 08:44 PM.


#4 charlatan


Posted 03 December 2009 - 09:09 PM

Okay, I got Rkill to work and managed to get RootRepeal to begin its scan. However, after a few minutes the virus kills it like every other program I try to run. I can't delete the file, it's now locked. So I tried downloading from another mirror and saving the file as tatertot.scr, but I get an error message saying I cannot run the driver when I try opening it.



