
Antivirus has been disabled by a virus, I suspect



#1 it.girl61


Posted 25 December 2009 - 10:07 AM

Hello, can someone please help me?

First of all, I have been in IT for 22 years. I am a great technician but I am baffled and feel like a failure; I don't know what to do. Actually I have never until now been faced with an issue like this.
This has been happening since last week. Something, a virus I suspect, has invaded my PC and has disabled my current antivirus program - Avira Antivir. I have tried and tried to enable it but I cannot. I uninstalled it because I could get no positive results in enabling it. The next thing I did was try to run Spybot S&D, and I was unable to run that program. I tried using the Symantec online system scan but to no avail.

My PC will not allow downloading of any antivirus programs at all, and I cannot install any antivirus programs that I already have that are store-bought, and I receive a message stating that "Due to a security threat, this application cannot be installed...". It's really frustrating! This is my laptop I am speaking of when I say my PC. Furthermore, my (wireless) Internet which used to work now doesn't (I suspect it's because of this virus) and the Wireless Zero Configuration has also been disabled as I receive an error 1068: "The dependency service or group failed to start"... (Remote Procedure Call (RPC) & NDIS Usermode I/O Protocol - whatever that is, which is the dependency which I cannot locate to start it) what the heck is it exactly?

Okay, be real, do I need to copy all my important files to a spare hard drive and wipe out my system to start all over again or what? Can someone please help me?

Thanks in advance.



#2 rigel


Posted 25 December 2009 - 02:04 PM

Merry Christmas. Backing up your files is recommended. We can attempt a clean though. Let's try and see where we get. First an on-line scan then a program. Hopefully this one can still be downloaded and run.

Let's do some trash removal first:
Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Please perform a scan with Eset Onlinescan (NOD32).
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users: be sure to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  • You will see the Terms of Use. Tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?" (OnlineScanner.cab).
  • Answer Yes to install and download the ActiveX controls that allow the scan to run.
  • Click Start. (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, check: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan to start the online scan. (this could take some time to complete)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software. Just close the window.
  • Now click Start > Run... > type: C:\Program Files\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad.
  • Copy and paste the log results in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." Will Smith




