Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Very nasty malware - have tried everything


  • Please log in to reply
6 replies to this topic

#1 MattVike12

MattVike12

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 11 December 2009 - 03:06 PM

Yesterday I got infected with fake Security Center / Anti-virus type malware that has disabled my task manager, won't let me run almost any executable file (I have even tried renaming ComboFix and Malwarebytes and that doesn't work), and gives me a blue screen of death when I try to run in safe mode. I have identified through a search one of the components of this infection: wscsvc32.exe. I renamed and deleted that file, but I am still very much infected. Again, I cannot run any anti-malware program - I get a message that says, "Application cannot be executed. The file ______.exe is infected. Do you want to activate your antivirus software now?" The "title" to this box says "Security Warning." Some of the random pop-ups I get are one for "Antivirus System Pro alert" and another that says "Spyware Alert !" where it asks if I want to activate antivirus system pro or stay unprotected. PLEASE HELP - THANKS!

In addition, I have tried to run several executables under the "run" tab to restore my task manager, and it will NOT let me run anything, from REGEDIT to taskmgr.exe, etc, etc.

One more thing that may be important in describing this: In my task bar, I have a red circle with a white x that keeps bringing up a bubble that says, "Click here to protect your computer from spyware!" with some other information below it. Also, there is a shield-looking object that is grey and silver in the task bar that also comes out with pop up "bubbles" on how my computer is infected.

Edited by MattVike12, 11 December 2009 - 03:14 PM.


BC AdBot (Login to Remove)

 


#2 fermomi

fermomi

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:06:42 PM

Posted 11 December 2009 - 03:15 PM

Hi,

I am only a user, not a specialist.

I am not trying to repair, because I don't know to

Just have a look in the posts, where your message is posted. 5 or 6 posts under yours, I have had a similar problem. read the posts that could help.

Regards

FMM

#3 MattVike12

MattVike12
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 11 December 2009 - 04:07 PM

I cannot run a single executable file. I have found another virus hlktmp in my temp folder but I can't delete it b/c I can't stop it from running. SOMEONE PLEASE HELP! :thumbsup:

#4 azfreetech

azfreetech

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:10:42 AM

Posted 11 December 2009 - 05:40 PM

Have you tried logging in to safemode? To get in to safemode gently tap F8 as the computer reboots. When you see the menu, select safemode with networking.

Install, update and run Malwarebytes. You can get it HERE . Install, update and run it. If you have problems installing it then try renaming the file before saving it to your desktop. I like renaming it to bgmama. Get rid of what it finds.

Remove what MBAM finds and then install and run ATF Cleaner (for WINdows XP and 2000 only!). Check the box for select all and then click the button Empty Selected. This will help clear out temp files, cookies and other junk that clutters up Windows.

Next install, update and run SUPERAntiSpyware. Get rid of what it finds. Finally update and run your antivirus program and get rid of anything that it finds. Post both the MBAM and SAS logs in your next response please.
DJ Digital Gem

I gave up on computers and now I just DJ!

#5 MattVike12

MattVike12
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 11 December 2009 - 06:06 PM

Thank you for the reply. Blue screen of death when I try and do safemode. I have also tried renaming the malwarebytes and other anti-virus software and it STILL won't let me run the program. It literally doesn't let me run ANY executable file, no matter what the name is. When I do, I get a pop-up that says, "Application cannot be executed. The file ____.exe is infected. Do you want to activate your antivirus software now?" I have had malware before but this is unbelievable - it is literally blocking ANY avenue to get rid of it!

#6 NotGoodWithNames

NotGoodWithNames

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:42 PM

Posted 11 December 2009 - 07:55 PM

Hey if you have the program Security Tool installed then thats the reason why you cant access Task Manager or any other executable.

Google "Removing Security Tool", there will be a guide with a link on how to kill the process of it, allowing you to run exectuables.

however im still having trouble accessing Safe Mode myself as im still apparently infected with System Defender after the numerous scans of various anti-wares...

looks like your in my position :thumbsup:

#7 azfreetech

azfreetech

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:10:42 AM

Posted 11 December 2009 - 08:24 PM

Well you have the option of scanning with Hirens before the OS loads. Use a known working computer to download Hirens Boot CD 10.1 . Burn the ISO file to a CD so that it is bootable. Take the CD and boot the infected computer from it. Run the Antivirus scans (they include malware and spyware scanners) Remove what the scans find and try booting normally again.

Your other option is to pull the drive, slave it on to another known working computer. Run the MBAM, SAS and avtivirus scans that way and then re-install the drive in to its computer. Run the scans again.
DJ Digital Gem

I gave up on computers and now I just DJ!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users