The desktop is all one random color which changes depending on when it's started up, and in the middle it reads:
"YOUR SYSTEM IS INFECTED!
System has been stopped due to a serious malfunction.
Spyware activity has been detected.
It is recommended to use spyware removal tool to prevent data loss.
Do not use the computer before all spyware removed."
This came after my Symantec Internet Security system asked me for permission for a program "Winupdate86" to get access to the internet. My response was Block All Access, then the computer changed, as well as my desktop. My browser began constantly opening a tab to a random web address that I did not select, and when I click on a Google link it may sometimes send me to a web page entirely unrelated to the one I intended to go to by clicking on it.
I looked closely at my computer files and removed some stuff, but installed in my Windows\System32 folder were a few malicious-looking things:
-Critical_warning (the XML file that is placed over my desktop so that I cannot change it)
-GEARSec application (a non-Windows file in the Windows folder. Every time I delete it, it comes back immediately. It came with its own DLL, which I deleted also, and it doesn't seem to have reappeared with the application. It's a process that's constantly running in my HijackThis task manager, but I cannot physically remove it from the system32 folder. This is the response I get:
Error Deleting File or Folder
Cannot delete gearsec: Access is denied.
Make sure the disk is not full or write-protected
and that the file is not currently in use.)
and a couple of other things related to Windows, updating, logons, and the number 86, that I removed, which were created in the Windows folder on the day that the virus was received.
To note, HijackThis revealed two malicious-looking things in the scan, which I managed to remove by removing the files in system32 that they accessed. These were specifically:
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
"Worm.Win32.NetSky" was what the virus told me that my computer had when I started it, but when I managed to remove the WinLogon86.exe application, all of the ad notices stopped.
I am quite positive that I attained spyware and adware, and due to not being top dog with computers (no classes, all self taught) I am at a bit of a disadvantage in my efforts.
Suggestions on how to remove entirely everything that was conceived?
-Laptop computer unable to hibernate, or start in safe mode (instead of safe mode, the computer presents a blue screen with two characters at the top left of the screen: ` ¬)
-Unable to change the desktop background in Right Click->Properties->Desktop tab
-Unable to access Task Manager (on admin account, but says "Task Manager has been disabled by your administrator.")
I would like all of these problems to cease as soon as possible. So, if you can help me fix it, great, if you can help me identify the virus that I have, great, if you're in the same predicament, feel free to tune in.
Edited by Penlord, 02 December 2009 - 11:35 PM.
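The two F2 lines quoted in the post above report the Winlogon Shell and Userinit values, which decide what runs at every logon. As an added example (not part of the original post), this Python check flags any F2 entry that launches something other than the stock Windows XP programs; the function names and the sample log are this example's own, and the stock values are assumed to be a default XP install on C:.

```python
import re

# Stock Windows XP values for the two Winlogon settings HijackThis reports as F2.
DEFAULT_SHELL = "explorer.exe"
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

F2_LINE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.IGNORECASE)

def extra_commands(key, value):
    """Return the commands in a Shell/UserInit value beyond the stock one."""
    if key == "shell":
        # Shell: anything listed besides the stock shell is launched too.
        # Simplification: entries are split on whitespace (no spaces in paths).
        entries = value.split()
        stock = DEFAULT_SHELL
    else:
        # UserInit: comma-separated list, normally with a trailing comma.
        entries = [e.strip() for e in value.split(",") if e.strip()]
        stock = DEFAULT_USERINIT
    return [e for e in entries if e.lower() != stock]

def audit_f2(log_text):
    """Return (key, extras) for every F2 line that launches a non-stock program."""
    findings = []
    for line in log_text.splitlines():
        m = F2_LINE.match(line.strip())
        if not m:
            continue  # not an F2 Shell/UserInit line
        key = m.group(1).lower()
        extras = extra_commands(key, m.group(2))
        if extras:
            findings.append((key, extras))
    return findings

# Constructed sample: the two F2 lines from the post (backslashes written out),
# a stock UserInit value for contrast, and an unrelated line that is ignored.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O4 - HKLM\..\Run: [ExampleEntry] C:\Example\example.exe
"""

if __name__ == "__main__":
    for key, extras in audit_f2(SAMPLE_LOG):
        print(f"{key}: unexpected {extras}")
```

A UserInit value that no longer lists userinit.exe at all, as in the second sample line, means the stock entry was replaced rather than appended to, so the value has to be restored and not just trimmed.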