XP Antivirus 2010 malware

Hi - I have a Dell XPS 600 – running XP Professional up to date with ms updates, service packs, etc. Everything, including safe mode has been taken over or at least appears to have been taken over. I cannot get to the internet, can't run any virus scans - it has taken over or disabled everything - at least in the view it is presenting. XP Antivirus 2010 malware rapidly moved from fake pop-ups telling me that I had serious security threats and needed to buy their software immediately to a really nasty, deep down infection. (I didn’t try to buy their software).

From what I've read of the virus, and what my experience confirms, it runs in parallel with other programs that you execute and disables the ones that it finds to be threats (I may have read that in this forum…). So every time I’ve run a program to fix this thing (antivirus, regedit, msconfig to name a few) it disables those and the problem gets worse the more I try - I kept losing capability to use the computer resources with each login. It even displays a fake task manager now.

I have begun to see lots of posts that are similar to mine. It is vicous if you don't catch it at the beginning. I believe it's the same thing as "bsmadi" has in another post on this forum.

• I originally tried the Malwarebytes program when I could still load from a flash drive, but made one critical mistake in closing it before I let it reboot to finish the clean up and give me a window to do more de-tox of the pc. I seem to have blown my one opportunity to catch this thing early enough by doing that.
• F8, F12, F2 cannot get around the shell it’s put up. Something happens right after the Dell screen appears showing the choices (F8, run in safe mode, for example) - the malware takes over as soon as I hit enter on any of the options
• I can’t access the jump drive or the internet to install removal software. The port for the flash drive does not appear in the taskbar (nothing does except a fake start button), the flash drive does not light, does not show up in 'my computer' (which is also a fake).
• I can't reboot from my original XP installation disk. It stops at the welcome screen of the XP Pro Setup screen and freezes - will not let me type in an 'r' or exit, etc.. (I did read somewhere that I need at least SP 2 on the installation disk because I have SATA, not IDE - my original disk only has SP1. I will see if Dell can send me a new disk)

I feel as though the malware has created a whole sandbox for itself on another partition of my harddisk and that's what I'm seeing. Any exe that I try to execute brings up the 'what program do you want to use to open it' pop-up.

Now:
-- When I hit F8 to try and go into safe mode, the pc scrolls through a page full of lines: multi(0)disk(0)rdisk(0)partition(2)\windows\system32\drivers..... the bug has already taken hold at that point and then it just stops.

-- If I let it go into regular startup, a pretend chkdsk takes over the whole screen, then finally shows me my "desktop." The Start bar looks odd and does not show any of the devices (no indication that the network is not connected, no indication that the jump drive is available, etc.) The screen is completely filled with a copy of my desktop, none of the programs work. The flash drive does not light up or flash.

Full disclosure – I posted this on another website's forum and did not get much help as the solutions kept involving a jump drive to transfer files.

I would appreciate any help you can provide.

Hello,

I have deleted the three responses to this topic because it looked as though you were receiving assistance when in fact you weren't. I'm alerting those more knowledgeable than I to assist you with your computer issues.

Orange Blossom

Hello we seem to have limited options.. I think we should try booting of a repair CD.
let me know.

Avira AntiVir Rescue System

Hi - I didn't realize anyone had responded to my post - sorry for the delay. How do I create a new CD? I have my work computer I can use as long as I'm not jeopardizing it at all in the creation of the disk. I'll click on the link as soon as you give me the OK

I really appreciate your help. I think a boot CD is the only way to go.

Put A CD in the drive'
Open the link above
Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer.

Take the CD to the infected machine. Put the CD into the infected Computer and Reboot.
The PC needs to be set to boot from the CD drive m=,if it isn't already.

How to Set BIOS to Boot from CDROM:

Thanks - trying to find machine to burn cd. Will let you know as soon as I do it. Sounds promising.

Is there any way to creat a boot flash drive? I can't find anyone who will burn the CD. All of my friends have Mac's. I thought I saw someting on Avira and I can't find it again.

Interesting question. I will have to ask to be sure. But it may be possible to set the Bios to the Flash drive letter and then set that in the boot order.

ase my neighbor is having a similar problem and I am unable to get it to read cd's and jump drives. I am unable to access safe mode,safe mode networking. I am able to access safe mode prompt command. But do not know what I can do from there. The virus just continues to come up in safe mode. Don't know what to do. They told her 120 dollars to fix and another place told her 75 to 150.

Hello again,This may be our best hope.

Have you ever run Combofix on that computer?
Do you have a Windows XP install disc?

Do this first please........

Let's now create a boot disc so that you can access your files and folders and so I can get a look at a log.....

*** Please print these instructions ***

• Download Hiren's BootCD Iso to the desktop of a clean computer.
• Extract the zipped HirensBootCD.zip to your desktop.
• Open the extracted HirensBootCD folder and extract the zipped HirensBootCD.iso.
• Double click the BurnToCD.cmd bat file contained in the HirensBootCD folder. This will launch BurnCDCC.
• Insert a blank CD in your drive.
• Press Start. This will burn the image to disc. After it has completed...
• Restart your sick computer and boot from the HBCD you created.
  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, F10, F12 or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
    • If the CD-drive is not at the top, please navigate to the CD-Rom drive with the keys arrows. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
  • Your PC should now boot from your CD.
  • Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
• When the CD boots choose "Start MiniWindowsXP". Allow Windows to load. You will see a typical Windows Desktop.
• You will be able to access your sick drive and save files/folders from here.
• Create an ethernet (wired) Internet Connection
  • Double click the Network Support icon on the HBCD desktop
  • A computer screen will appear in the lower right corner system tray
  • Double click HBCD Menu on your HDCD desktop
  • Choose Menu
  • Then Browsers
  • Then Opera
  • Success?
• You should now be connected to the internet.
• Navigate here to the forum and click this link.
• Download the program and save it to the desktop.
• Once saved, close all other windows then double click the program to run it.
• When completed, a log will open.
• Save the log to the desktop using File>Save as, then post the log in a reply.
  
  Please note: If you are unable to connect to the internet then please download to a flash drive on a clean computer and transfer to the sick computer to run!
  
  
• In addition you now have access to all your files and folders amoungst many other utilities that we might need to use later.
• If you double click your Windows Explorer icon on your desktop you will be able to access your hard drive.