
Very Nasty Infection, It was AV2010 at First, Now Admin is disabled, Nothing Will run, Safemode Doesn't Work



#1 Nick Ts


Posted 24 December 2009 - 12:37 PM

This was given to me by someone else. He said he couldn't run MBAM, used rkill, then was able to run it, but still couldn't get rid of the virus/malware. He mentioned it was some rogue antivirus program (Antivirus 2010).

I tried putting in a USB drive so I could load some programs, but it will not work.
Safe Mode does not work.
For certain things that I try to do, it says that Admin privileges have been disabled (even though it is on an admin account).
Internet Explorer does not work. Also, it will randomly minimize everything, so that you can't even see it on the taskbar.

I burned ComboFix onto a CD, but was unable to copy it to the desktop. I tried CTRL+V, and also Edit - Copy, but there is no Paste option once I tried to copy it.

I ran ComboFix from the CD, it started up, and it just sits there at the screen: "ComboFix is preparing to run".


For Safe Mode, it gets to the line: System32\Drivers\Mup.sys and then it just hangs.

Any help would be greatly appreciated.

Edit: This is running on Windows XP

Edited by Nick Ts, 24 December 2009 - 12:42 PM.



 


#2 albarwn


Posted 24 December 2009 - 01:01 PM

You can try the Dr.Web CureIt tool (try it first). You can burn it on a CD and run it from there.

ftp://ftp.drweb.com/pub/drweb/cureit/h7zdbjjw.exe


Or try the Dr.Web rescue CD:

ftp://ftp.drweb.com/pub/drweb/livecd/minD...iveCD-5.0.1.iso

#3 Nick Ts


Posted 24 December 2009 - 01:29 PM

I am currently downloading the Web CureIT tool and will run it.
I tried to run SAS, but it says "The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed."

I ran HiJackThis and removed batmeter16.dll



