Virus this weekend, now unable to download anything and antivirus won't open

We got the Antivirus Live Saturday (not quite sure where/how - teen using the computer and clicking randomly = not good!).

How I fixed it: Opened IE, went into Tools, Internet Options, Connection, LAN settings, and unchecked the proxy server box.

AVG seemed to be affected, and obviously it didn't pick up the problem so after I was able to get back on the net I downloaded Spyware Doctor and did a full system scan. It found a ton of infections, removed them all and we thought we were good to go. Then last night I wasn't getting the error any more, but when I opened IE it started giving me the fake error message that there was an infection and directing me to the Antivirus Live page again. Argh!!

So I did a system restore to a few days prior to when I got the virus. Okay, all good. Except NOW the Spyware Doctor I downloaded isn't on my computer, and AVG won't work. I click it to open it and nothing happens. It didn't open in the system tray. I tried to uninstall it and I get the following: Installer initialization failed due to following error:
Error: @AvgErrorCode_0x0253 %FILE% = "C:\Program Files\AVG\AVG8"
@AvgErrorCode_0x0020

I tried to download Spyware Doctor and Avast and AVG uninstaller, etc. and nothing will download. Well, it appears to download but it won't run. I click "download" and it appears to be downloading but then when I click "run" nothing happens. I tried clicking "save" instead and it doesn't appear where I was trying to save it. I read on another site that sometimes malware can block the file name so I tried renaming it and saving it and stil didn't work.

I'm at my wits end!!! Any suggestions? Please?

Oh, I am running Vista Business Edition.

will it let you boot to safemode with networking?

If so, you might be able to download a new copy then and reinstall spydoctor or try malwarebytes. Either way, if it lets you, try a scan from in safemode, then reboot to normal mode and scan again in normal mode.

To enter safe mode, be tapping f8 durring bootup until you see options for safe mode

If you cannot use the Internet or download any programs to the infected machine, try downloading them from another computer (family member, friend, library, etc) with an Internet connection. Save to a flash (usb, pen, thumb, jump) drive or CD, transfer to the infected machine, then install and run the program(s). If you cannot copy files to your usb drive, make sure it is not "Write Protected".

Also download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

• Make sure you are connected to the Internet.
• Double-click on mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

• If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
• If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

• Make sure the "Perform Quick Scan" option is selected.
• Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

• Click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
• Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

-- Some types of malware will disable Malwarebytes Anti-Malware and other security tools to keep them from running properly. If MBAM will not install, try renaming it first.

• Right-click on the mbam-setup.exe file file and rename it to mysetup.exe. If that did not work, rename it explorer.exe.
• Double-click on the renamed file to start the installation.
• If that still did not work, then try changing the file extension. <- click this link if you do not see the file extension
  If using Windows Vista, refer to these instructions.
• Right-click on explorer.exe and change the .exe extension to .scr, .com, .pif, or .bat.
• Then double-click on explorer.com (or whatever extension you renamed it) to begin installation.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.

• Right-click on mbam.exe and rename it to wuauclt.exe.
• Double-click on wuauclt.exe to launch the program.
• If that did not work, then change the .exe extension in the same way as noted above.
• Double-click on wuauclt.com (or whatever extension you renamed it) to launch the program.

-- Other types of malware may delete the main mbam.exe executable file during installation or when attempting to perform a scan which results in various errors. One way to resolve this is to:

• Download and install Malwarebytes Anti-Malware on a non-infected computer.
• After installation, open Windows Explorer and navigate to the C:\Program Files\Malwarebytes' Anti-Malware\ folder where mbam.exe is located.
• Copy the mbam.exe file to the Desktop and rename it to wuauclt.exe or explorer.exe.
• Save the renamed file to a usb flash drive or CD and transfer to the infected computer.
• Place it in the C:\Program Files\Malwarebytes' Anti-Malware folder, and then double-click on it to run.

Alternatively, you can download a randomized renamed mbam.exe version (i.e. jdRjuT7Hk.exe) from here and use that.

Note: If installation coninues to fail in normal mode, try installing and performing a Quick Scan in "safe mode". Doing this is usually not advised as MBAM is designed to be at full power when running in normal mode and loses some effectiveness for detection & removal when used in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Therefore, after completing a safe mode scan, reboot normally, uninstall MBAM, then reinstall it and perform another Quick Scan.

Rebooted in Safemode with networking, still getting the same problem. It will let me download the program, but on the screen where it asks you if you want to "Run" or "Don't run" I click "Run" and nothing happens.

I will download Malwarebytes onto hubby's laptop and try to transfer that over. If I also try installing Spyware Doctor that way, what files do I put on the drive? The whole folder, then look for the setup.exe file?

Thanks soooo much for your help!!

Edited by glowingeyes, 11 January 2010 - 03:55 PM.

Okay, I was able to download Spyware Doctor and MalwareBytes from a jumpdrive off of my husband's laptop. SD found and removed some low and medium level threats. MB found and removed two infections. Here is the MB log:


Malwarebytes' Anti-Malware 1.44
Database version: 3542
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

1/11/2010 4:42:37 PM
mbam-log-2010-01-11 (16-42-37).txt

Scan type: Quick Scan
Objects scanned: 98021
Time elapsed: 5 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\USer\AppData\Local\Temp\dfgdgdfgrgdgfdrdfs.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.


I still can't download any files from the Internet though - maybe it wasn't a virus/malware but something messed up with my computer itself? AVG still isn't working and I tried the avgremover.exe tool and same problem, when I click on "Run" nothing happens and if I try to save it to the desktop, it doesn't show up.

Any other ideas?

Thanks again for all of your help!!!

Now rescan again with Malwarebytes Anti-Malware, but this time perform a Full Scan in normal mode and check all items found for removal. Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

I also try installing Spyware Doctor that way, what files do I put on the drive? The whole folder, then look for the setup.exe file?

setup.exe file

Updated from version 3542 to version 3543 after full scan was performed. (I had already started the full scan before I read your last post).
Full scan log:

Malwarebytes' Anti-Malware 1.44
Database version: 3542
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

1/11/2010 5:44:13 PM
mbam-log-2010-01-11 (17-44-13).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 210640
Time elapsed: 46 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Ran one more quick scan after the update, no infections found:

Malwarebytes' Anti-Malware 1.44
Database version: 3543
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

1/11/2010 5:57:43 PM
mbam-log-2010-01-11 (17-57-43).txt

Scan type: Quick Scan
Objects scanned: 98302
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

How is your computer running now? Are there any more reports/alerts, signs of infection or issues with your browser?

It seems perfectly fine, no issues except that I still can't download any files from the net. AVG is still on my computer but doesn't work, won't open. I tried to uninstall both through the AVG uninstall button on the start menu and through add/remove programs (or whatever it's called on vista) from the Control panel and I get the error message
"Installer initialization failed due to following error:
Error: @AvgErrorCode_0x0253 %FILE% = "C:\Program Files\AVG\AVG8"
@AvgErrorCode_0x0020"
I searched how to fix that and people recommend downloading the AVG remover tool, but I can't download anything. Argh!! I'm assuming I can download it to my laptop and run it from the jump drive, like I installed MalwareBytes and Spyware Doctor, but that doesn't fix the underlying problem.

Any thoughts?
Thanks again!!

I'm assuming I can download it to my laptop and run it from the jump drive

Yes -
AVG Remover Utility

There can be various causes for not being able to download files.

In the menu at the top of Internet Exlporer go to "Tools" > "Internet Options" > "Security" tab, click "Internet Zone", then click the "Custom level" button. Look under "Downloads" and check to see if "File Download" is Enabled? If not, enable it and click the "OK" button.

Make sure your downloading the file while logged into the Administrator Account or an account with administrator privileges.

Depending on your browser security settings, you may receive an alert under the top menu Information Bar that says "To help protect your security, Internet Explorer blocked this site from downloading files to your computer. Click here for options..." Click on that alert and choose "Download File". The File Download dialog box will appear asking "Do you want to open or save this file?" Enter your choice.

There are a few more troubleshooting suggestions in these links:

• Unable to Download Files Using Internet Explorer - How to Fix It
• Downloading Files FAQs
• Your current security settings do not allow this file to be downloaded error
• You receive the “Your current security settings do not allow this file to be downloaded” error message
• Internet Explorer doesn't ask where to Save Files?

Edited by quietman7, 12 January 2010 - 09:01 AM.

In the menu at the top of Internet Exlporer go to "Tools" > "Internet Options" > "Security" tab, click "Internet Zone", then click the "Custom level" button. Look under "Downloads" and check to see if "File Download" is Enabled? If not, enable it and click the "OK" button.

I'm at work right now but I will definitely try that when I get home this afternoon!

Depending on your browser security settings, you may receive an alert under the top menu Information Bar that says "To help protect your security, Internet Explorer blocked this site from downloading files to your computer. Click here for options..." Click on that alert and choose "Download File". The File Download dialog box will appear asking "Do you want to open or save this file?" Enter your choice.

Yep, it does and I download it, then get the run or save screen. If I click "run", then "run" again after it downloads, nothing happens. If I click "save", it appears like it is downloading and then the box closes and whatever program it is, it just doesn't appear where it is suppsed to (where I told it to save - I've tried the desktop and other various folders, tried renaming the file, etc.)


Thanks again, I really appreciate your help! I'll try the tips above tonight and let you know how it works out.

Thanks!!

Not a problem.