Working on my girlfriend's dad's (there's a tongue-twister) IBM laptop - he has the fake Windows Security Alert virus described at http://www.bleepingcomputer.com/virus-remo...ssentials-alert
I've gone through that guide, as well as a few others related to this specific piece of malware, to no avail. The malware is blocking almost any exe file from running, including taskmgr and regedit - it doesn't even allow the other window to open, it just moves its own window to the top and refuses to close. No Firefox, no IE, no nothing.
Every link to every renamed rkill iteration has not worked for me - the window opens and closes instantly, returning to the fake antivirus screen. exeHelper stays open and appears to run fine, but does not cause the malware to close. When I run ComboFix, the blue bar pops up and fills up next to the cougar logo, but then disappears and pops back to the fake antivirus.
(Sorry for running ComboFix unrequested - just figured I'd try everything myself before I came crying for help. I've built two PCs so I'd like to think that I wouldn't have bricked someone's laptop armed with only ComboFix.)
Despite the program not closing, I decided to try the Malwarebytes program - which removed a couple of other pesky bits of malware he was dealing with, but did nothing to the fake Windows Security Alert.
Not sure if I'll be able to post logs at the moment - the laptop currently doesn't have a working web browser, is not equipped with a CD burner, and neither I nor my girlfriend's dad has a flash drive. (I've been burning CD after CD of rkill/exeHelper/Malwarebytes/ComboFix from his desktop computer downstairs and running them upstairs to get the programs onto his laptop.)
His OS, by the way, is Windows XP Pro SP2.
If you need any other info just holler - otherwise, thanks in advance for the help.