My computer has been hijacked to such an extent I am unable to actually run any programs, run anything I've downloaded to try and purge the virus and I had to boot up in safe mode to gain the most minimal control over the computer.
This afternoon, my computer suddenly started to warn me that I had several viruses and a program I have never seen, but which sort of looked like a Microsoft security program, identified 36 trojans, malware and spyware threats and told me I needed to activate my security tool in order to get rid of them. Every time I tried to close out of the program, turn it off, get rid of the messages, they just popped back up. When I tried to run the security programs I have, I got messages that I didn't have permission or that the application was infected so could not be run.
I came here to see if there were any threads on this problem and found 2 (I did this before things escalated to the point I couldn't do anything) and suggestions to download and run things like DSS etc were unsuccessful as the virus kills them as they attempt to boot up and I get a message saying the application is infected and I must purchase a security update. I even couldn't access my Windows Task Manager (it too "is infected"). The only way I got this far was to boot up in safe mode with networking, then as fast as possible, open up the task manager and kill MsMpEng.exe. If I kill the local security operations though, the virus messages start up again and take over.
I am going to see if I can get any security tools to run after posting this (don't want to miss the opportunity to post in case things get worse when I do) and will provide an update if I get anywhere.
Any help is greatly appreciated. This is truly the worst my computer has ever been affected and it is pretty much unusable at the moment - I am just hoping whatever the cure it, is something I can actually do.
Update: I found another thread with this issue and instructions on what to run and upload so performed (or tried to) the tasks requested. I ran Defogger, DDS, Gmer and tried to run RKHookerLE (see attached error). All logs are uploaded as well. I am still running in Safe Mode (haven;t logged off since loggin in with that mode). I ran Windows Defender and Spybot with no issues found (I was unable to update defender but was able to update Spybot).
Quick update: I was able to do a system restore in safe mode (no networking) and it did restore. No evidence of the virus and the Kaspersky software I renewed and updated yesterday showed no evidence of having been updated so I had to do it again. I "quick scan" with Kaspersky tuned up nothing, so now I am running the Full Scan. I had access to Windows Task Manager and ended the AMPMDM.EXE process (based on google articles suggesting it was malware). One thing: I can't get the Kaspersky message saying the Kaspersky databases are corrupted to go away - not sure it is legit, but any info may help. I have zero expectation the virus is gone - just figure it is hiding, so still need help (so far). Thannks....Mary Beth
EDIT: Posts merged ~BP
OK, since my last update: I ran the full Kaspersky scan and it found nothing. I ran it a second time yesterday and still nothing then Spybot today - nothing. Can a system restore really wipe out a virus that kidnapped my computer? I am suspicious (appreciative that I have control back, but suspicious). Any suggestions, thoughts, confirmation, etc., is truly appreciated!
EDIT: Posts merged ~BP
Edited by Budapest, 03 March 2011 - 01:41 AM.