I'm having a serious problem with my PC. (For the record, I have disconnected it from everything but the printer and am currently on my laptop.) I'm running Windows XP Home Edition, and I'm 99% sure I've got the SP3, 100% sure I've got at least SP2. I use Mozilla Firefox for most of my internet needs, although sometimes I use IE for things not supported by Firefox such as PCPitStop's test center. The computer is used by my husband, myself and our roommate. With both of them being 100% male, I'm almost certain one of them has accidentally downloaded something from a dirty site (even though I've warned both of them not to accept ANYTHING, EVER!)
Backstory- I returned from work today at about one o'clock (PST), my husband says computer is off due to a 15 minute power outage (wonderful). He tells me that he was on Firefox today at about 10:30-ish, and after he closed the window he cleared the private data (I have it set to ask to be cleared when Firefox is closed) and after he clicked the clear data now button an antivirus firewall thing (his words) came up and filled the screen. It was shortly after that that we lost power. This confused me because none of my anti-anything programs come up unannounced. I turned the computer on, first things first I tried to log into the admin account, but it wouldn't load and the computer froze. Double wonderful. I do a hard reset and try to log onto the guest account, which I do successfully. First thing I notice is the nasty links on the desktop, youporn.com, porntube.com and nudetube.com.
Immediately an IE page opened up (since I didn't initiate it I closed it before it could load) as well as a strange program popped up that looked like a virus scanner, SecurityTool. Its icon is a blue shield with two gears. Having seen phony scanners before, I just said wtf? and closed it down. Then I started getting bubbles on my task bar tray:
"Security Tool Warning sndvol32.exe (or ccsetup223.exe, or scvhost.exe, or whatever other program I've recently tried) is infected with worm Lsas.Blaster.Keyloger. This worm is trying to send your credit card details using sndvol32.exe to connect to remote host."
"Your PC is still infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details. Click here to activate protection."
"Spyware.IEMonster activity detected. This is spyware that attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs. Click here to remove it immediately with Security Tool."
Even though it says Security Tool, it comes from the blueshield icon of SecurityTool, not the Windows Security shield.
Checking the properties of the SecurityTool shortcut that had appeared on the desktop, I found that the target is C:\DocumentsandSettings\AllUsers\ApplicationData\06615927\06615927.exe
It was created at 9:59 am this morning, which is strange to me since my roommate left for work at 7:30, my husband didn't wake up until 10:30, and I was at work until 1pm.
After closing the windows, my desktop blanked out to blue- no icons, no picture, just the task bar. Next step was to try and run my CCleaner- I open it from the start menu and get the error "C:\Program Files\CCleaner\CCleaner.exe Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."
Hmm. So I decide to try reinstalling CCleaner, just to see what happens. It tells me I have to be logged in as an administrator (oops, I forgot I limited the guest account), so I log off and try to log in under the admin account, and success, it worked this time! So I reinstall CCleaner in the same place and get the error that it cannot open the location (sorry I didn't copy the exact error, I didn't think this problem would be so tough I needed help!). So I try to install with the name CCleaner2, and it works. I open the CCleaner, hit analyze, it starts, and immediately closes. Crap. I try again, renaming the installation folder Help (I need it!) and try again. Same results, it installs, opens, then closes.
I try everything I've got, Ad-Aware, HiJackThis, SpyBot, AVG... nothing opens, much less works. I cannot even access the Task Manager. I tried booting the computer in SafeMode but all I get is this error:
"We apologize for the inconvenience, but Windows did not start successfully." I can, however, start Windows normally.
I've been searching online for help here on my laptop for a while, and after ignoring the PC's repeated popups demanding that I remove the infections the PC suddenly went to a blue screen with white letters. Here is what is said, exactly. The grammatical errors are left in place.
A problem has been detected and windows has been shut down to prevent damage to your computer. The problem seems to be caused by the following file: SPCMDCOM.sys
In this is the first time you've seen this Stop error screen restart your computer. If this screen appears again, follow these steps:
Check to make sure any new hardware of software is properly installed. If this is a new installation, ask your hardware or software manufacturer for nay windows updates you might need.
If problems continue, disable or remove and newly installed hardware or software. Disable BIOS memory options such as your caching or shadowing. if you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.
*** STOP: oxoooooo5o (0xFD3094C2, 0x00000001, 0xFBFE7617, 0x00000000)
***SPCMDCON.SYS - Address FBFE7617 base at FBFE5000 DateStamp 3d6dd67c
((Grammatical errors on the page:
Windows not capitalized
"In this is the first time...", In not If
"...any new hardware of software..." of not or
"...manufacturer for nay windows updates" nay not any
"...or shadowing. if you need..." If not capitalized))
The errors are a dead giveaway that it's not a legit screen. After pounding the heck out of Ctrl+Alt+Del I got the comp to reset.
(After typing most of this post out I relogged in on the PC to find that the SecurityTool no longer automatically appears, some (apparently) random artwork from an image file I have has shown up on the desktop, there is still no desktop image, and unfortunately my anti-malware programs still will not run. I cannot even access CCleaner’s installation file anymore.)
I'm sorry this is so long, I just wanted to give all the information I could think of. If there's some information I'm missing, or something you think I could try please let me know!