Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

So many viruses and problems - urgently need help


  • This topic is locked This topic is locked
12 replies to this topic

#1 bittybotty

bittybotty

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 09 April 2010 - 09:40 AM

Hi there

I have had nothing but problems all morning.

First I had ave.exe and attempted removal. Then my firefox permissions went.
Then my computer kept locking up whenever I tried solving the problems.
I also discovered I had a virus called sdra64.exe. I then found a further one called inst.exe.

I cannot run Malware bytes as it wont load, and cannot load safe mode as I keep getting an error saying "Press Enter to continue loading SPTD.sys"

I have lost track of them all!!

This has all come about since yesterday. I did have ave.exe before but managed to solve it and it returned yesterday whilst I was reading BBC news.

Also, I am getting a persistent error on boot saying "The application or DLL c:\DOCUME~1\NETWOR~1\ntload.dll is not a valid windows image. Please check this again your installation diskette"

Followed by another saying "Error loading C:\docume~1\networ~1\ntload.dll. %1 is not a valid win32 application."


I AM SO DESPERATE NOW. THIS IS GONNA HAVE ME RIPPING MY OWN HAIR OUT SOON.

BC AdBot (Login to Remove)

 


#2 bittybotty

bittybotty
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 09 April 2010 - 09:50 AM

I should perhaps point out that I do have a functioning laptop that I am writing this on. And the problem lies with the desktop.

So I can try and download required things with this pc to use on it if need be

#3 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:11:43 PM

Posted 09 April 2010 - 10:14 AM

Will your computer boot to the Windows Desktop at all at this point?
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#4 bittybotty

bittybotty
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 09 April 2010 - 10:18 AM

Yeah, I can get it to the desktop. However sometimes when I start doing things it will hang and crash

#5 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:11:43 PM

Posted 09 April 2010 - 10:25 AM

Let's start here:

First, Download rkill.com to your desktop.

Double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by these Rogue programs when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate these Rogue Programs. So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of the instructions.

Scan for Spyware/Adware

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware Free version and save it to your desktop.

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.


alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
---------------------------
Be sure to re-enable your AV and malware scan tools if they were disabled

SAS, may take a long time to scan
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
  • First
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.

Please post the logs from MBAM and SAS when complete.
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#6 bittybotty

bittybotty
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 09 April 2010 - 10:41 AM

Can I do all of this in Diagnostic Startup? As in Normal the computer just crashes

#7 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:11:43 PM

Posted 09 April 2010 - 10:44 AM

You should be able to yes. You can also try Safe Mode ( Preferred ).
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#8 bittybotty

bittybotty
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 09 April 2010 - 10:46 AM

I can't get it into safe mode. It simply says "Press enter to continue loading SPTD.sys" and then reloads and goes into Normal Mode

#9 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:11:43 PM

Posted 09 April 2010 - 10:47 AM

Please try Normal Bootup and run rkill immediately. If you still lockup, then use diagnostic startup to complete the logs.
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#10 bittybotty

bittybotty
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 09 April 2010 - 10:59 AM

It will barely even load into Normal mode without crashing. is there anything we can do to address the problem of it not going into safe mode?

#11 bittybotty

bittybotty
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 09 April 2010 - 11:10 AM

I give up. I can't resolve it in Normal Mode. I can't get into safe mode.
Its unfixable, it has beaten me

#12 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:11:43 PM

Posted 09 April 2010 - 12:17 PM

bittybotty,

If you have decided to give up, I'm sorry to hear that, but it is your decision to do so. If you would like to continue on, I would recommend that this is best left to the experts, so I'm going to refer you to the Virus, Trojan, Spyware, and Malware Removal Logs Forum.

Please read the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help in cleaning your computer. Once complete, post a link back to this forum so the HJT team knows what we have tried.

Please be patient as the HJT team is quite busy sometimes and it may take a day or even a few for someone to pickup your log but someone will get back to you.
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#13 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:43 PM

Posted 11 April 2010 - 03:10 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/308577/so-many-viruses-and-at-the-end-of-my-tether/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users