I am using window xp, service pak 3. My computer was hijacked by Security tool. All they were doing was running a fake virus log and pushing me to buy their software to clean it up. All I had a blue screen and the start menu left. All Icons were gone. I could not run any .exe file, not even load word, excel etc.
Read the blog on Melwarebyte anti malware, it looked like that will work. However, I could not download the software as my USB port to which my wireless was connected was isolated, Mozilla and IE files deleted. While reading different postings on this blog, one of them said that it went away after sometimes while she continued to say no to the purchase. I realized it was a time based virus, so I went in and changed my computer date by 10 days plus. It worked, the security tool control was gone and I can work on my word and other docs. Now was time to download and run Malwarebyte to get rid of the security tool, I did download it on another computer and ran the tool. It detected about nine items and suggested that they will be deleted at restart. Checked again, Rootkit.agent was not deleted. I was able to bring up my wireless network and download Mozilla. The virus sitting in my computer or may be another new infection took over without me having any idea. They started sending bulk email from my account to sell Viagra. Had my account suspended for misuse by RR. Got it reinstated with the condition that I will work my tail to get rid of the virus.
Called RR security they suggested Combofix.exe. They also suggested to change file name before I run it. Tried to download combofix on the infected computer. The file was downloaded but it vanished. Search for Combofix did not work. Looks like it was not downloaded at the desk top and the file name was also changed by the virus. It may be sitting somewhere in my computer under a different name.
Used another computer to download combofix, renamed it to Alpha and ran alpha.exe. Before doing so, I ran malwarebyte anti malware updated version, also isolated the window firewall and closed all open programs. Things went all well as shown in the bleepingcomputer guidelines. When combofix tried to create the Window recovery console, My computer was not connected to the internet. The scanning process progressed without the recovery console. Went through different stages of scanning and then the blue screen box appeared saying "Creating Log Report", do not run any program until combofix has finished.
Usual time should have been 10-20 minutes, waited patiently, Left it on for 12 hours as of now. It is a blue screen with the same message. My screen does displays the start menu and all my icons on the desk top. What should I do now. Just restart the computer and run combofix again or ????. Picture of the screen is attached.