Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Huge problem with Antivirus soft

  • This topic is locked This topic is locked
1 reply to this topic

#1 Hikari012


  • Members
  • 3 posts
  • Local time:02:50 PM

Posted 07 June 2010 - 06:49 PM


I suddenly received this antivirus soft virus a few days ago. It crashed my computer and I was unable to start up Windows, not even safe mode. Restored to the last restore point and I was able to get into windows safe mode, but I wasn't able to log into my administrative account. I was able to log into a normal account. On another site I was asked to run OTL which I did then I was supposed to install combofix and rename it to svchost.exe when I downloaded. I did it and tried to install it. Combofix tries to install but fails. It tells me that it can't open a file called nircmd.cfxxe. I received no reply from the person that was helping me for two days, so I tried to see if I could also log into the normal account on normal windows mode. I was able to, but the computer was very slow. I tried to install malwarebytes, which succeeded. When I tried to install it, the screen went black and I had to manually restart the computer. I tried downloading combofix on regular mode and it was downloaded but the same problem that happened in safe mode came up. I tried to run a scan in normal mode, but it was unable to detect any infections.

I am unable to get into my administration account because I think the virus is keeping me from going into it. (It tells me "An attempt was made to logon, but the network logon service was not started.") This happens in both regular and safe mode. Also when I was told to install combofix, I was told to disable my AV and firewalls, close out windows, etc. I did the following, but there was a problem with disabling my AV. On safe mode, the option to disable my AV (Symantec Endpoint Protection) was faded out and I was told that my AV was malfunctioning. When I was able to go into normal mode, the AV was supposedly not malfunctioning, but to disable AV was faded out because I was not administrator.

I am also unable to run firefox. I can only run IE. When I try to run firefox, firefox does not show up at all.

When I tried to use defogger, it told me it finished, but it had errors and would show me a log. A log did not show. I went to the DDS thing and it worked. I tried to scan with GMER and it did not let me. It told me, " C:Windowssystem32configsystem: Access is denied." Then, "C:Userspuawenng.SHU.000ntuser.dat" The process cannot access the file because it is being used by another process." And it ends with "GMER hasn't found any system modification."

I will also include the OTL log I was told to do. Is there any hope for me?

Thank you in advance!

And my OS is Windows Vista and the computer type is Lenovo Thinkpad T500.

My weekly scheduled scan (Symantec Endpoint Protection) ran (forgot that it did that) It actually caught something. This is what it says:

SpywareGuard Deleted
SpywareGuard Deleted
Trojan FakeAV Partial (Non Critical Failure)
Trojan. Gen (Quarantined)
Downloader Log only
Downloader Cleaned by deletion
Downloader cleaned by deletion

Should I delete the quarantined file? And if you need more information (I only posted what was under risk and action) I'll be happy to type it up here. smile.gif

Another Edit: BackdoorTidserv!inf was found on the computer and quarantined (supposedly)

Merged 2 posts. ~ OB

Attached Files

Edited by Hikari012, 07 June 2010 - 10:41 PM.

BC AdBot (Login to Remove)


#2 Farbar


    Just Curious

  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:50 PM

Posted 10 June 2010 - 06:52 PM

Hi Hikari012,

As you have made some progress at school and you are still getting help at this forum there is no need to keep this thread open.

Good luck.

This topic is closed now.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users