I suddenly received this Antivirus Soft virus a few days ago. It crashed my computer and I was unable to start up Windows, not even safe mode. I restored to the last restore point and I was able to get into Windows safe mode, but I wasn't able to log into my administrative account. I was able to log into a normal account. On another site I was asked to run OTL, which I did; then I was supposed to install ComboFix and rename it to svchost.exe when I downloaded it. I did it and tried to install it. ComboFix tries to install but fails. It tells me that it can't open a file called nircmd.cfxxe. I received no reply from the person that was helping me for two days, so I tried to see if I could also log into the normal account in normal Windows mode. I was able to, but the computer was very slow. I tried to install Malwarebytes, which succeeded. When I tried to install it, the screen went black and I had to manually restart the computer. I tried downloading ComboFix in regular mode and it was downloaded, but the same problem that happened in safe mode came up. I tried to run a scan in normal mode, but it was unable to detect any infections.
I am unable to get into my administration account because I think the virus is keeping me from going into it. (It tells me "An attempt was made to logon, but the network logon service was not started.") This happens in both regular and safe mode. Also, when I was told to install ComboFix, I was told to disable my AV and firewalls, close out windows, etc. I did the following, but there was a problem with disabling my AV. In safe mode, the option to disable my AV (Symantec Endpoint Protection) was faded out and I was told that my AV was malfunctioning. When I was able to go into normal mode, the AV was supposedly not malfunctioning, but the option to disable the AV was faded out because I was not administrator.
I am also unable to run Firefox. I can only run IE. When I try to run Firefox, Firefox does not show up at all.
When I tried to use DeFogger, it told me it finished, but it had errors and would show me a log. A log did not show. I went to the DDS thing and it worked. I tried to scan with GMER and it did not let me. It told me, "C:\Windows\system32\config\system: Access is denied." Then, "C:\Users\puawenng.SHU.000\ntuser.dat The process cannot access the file because it is being used by another process." And it ends with "GMER hasn't found any system modification."
I will also include the OTL log I was told to do. Is there any hope for me?
Thank you in advance!
And my OS is Windows Vista and the computer type is Lenovo Thinkpad T500.
My weekly scheduled scan (Symantec Endpoint Protection) ran (I forgot that it did that). It actually caught something. This is what it says:
Trojan FakeAV Partial (Non Critical Failure)
Trojan.Gen (Quarantined)
Downloader Log only
Downloader Cleaned by deletion
Downloader cleaned by deletion
Should I delete the quarantined file? And if you need more information (I only posted what was under risk and action) I'll be happy to type it up here.
Another Edit: Backdoor.Tidserv!inf was found on the computer and quarantined (supposedly)
Merged 2 posts. ~ OB
Edited by Hikari012, 07 June 2010 - 10:41 PM.