I need your help because this problem is driving me crazy. I believe my computer is infected with some nasty malware which is proving very difficult to detect. I have performed numerous scans using spyware search and destroy/Malwarebytes/TDSS Killer/Bootkit remover/TDSS remover latest - although some of the scans claim to have found a few infected files and removed them, any new scans do not show any new infections found but the net effect of the problem is as follows:
Background information: I opened a legitimate website (2 days ago) but it started the JavaScript and installed the Windows XP Antispyware 2011 malware. I used rkill.exe to stop it and then removed it with Malwarebytes. Then I uninstalled Avast! (I was angry it failed to stop an unauthorized connection) and replaced it with AVG Internet Security 2011 - but its resident shield is a right pain in the ***, and ComboFix wouldn't run with it, so I happily uninstalled AVG (with help from Revo Uninstaller).
- Including your own, many other malware removal and Microsoft's websites are blocked. I am using Firefox and every time I try to open your website it says Firefox can't establish a connection to the server at www.bleepingcomputer.com.
- Google redirects: if I open a link in a new tab it will open a random website, something like licosearch. I can only make sure I open the page I want by copying the link and then pasting it manually in a new window.
- Unable to start the ESET scanner (it wouldn't let me open the ESET website but luckily I already had their setup file). Upon starting the scanner it says unable to connect, proxy configured? I don't know what to type in the proxy - I normally connect direct to the internet.
- Unable to load up the computer in safe mode: it loads up a screenful of DLLs but then reverts back to the very first screen you see when you start the computer, and it repeats the cycle until I choose to start Windows normally.
- Most websites are working and the computer is working, but it is obvious that there is some nasty malware hiding in my machine. Following extensive reading on your forums, I found a similar case and attempted to follow the steps you specified.
- I include a ComboFix log + Malwarebytes log for your perusal.
I would be grateful if you can supervise me from here on, as I tried everything I could think of and find on the internet but the problem remains.
Thanking you in anticipation.
Note: I was following the instructions given in the thread with the heading "Updates and Antimalware sites blocked - infection stopping update and preventing access to websites" - The user reported that after ComboFix he could access the blocked websites (e.g. Microsoft) - In my case I couldn't, therefore I did not follow the steps for using ATF Cleaner and thought it's best if I seek some assistance from this point onwards.
UPDATE: In my desperation to try and get safe mode working somehow, I tried the following (with disastrous results):
1. Googled for similar problems
2. Found something called safe mode fixer
3. I have SUPERAntiSpyware installed, and it includes a utility called BOOT SAFE. I thought this was exactly what I was looking for as it offered to boot the computer into safe mode with networking.
RESULT: The computer is going round in circles without booting. As mentioned in my previous post, if safe mode is selected a screenful of .sys files load (the last of which is AVGIDSEH.SYS) and then it reverts back to the initial boot screen (that you see as soon as you turn the computer on) - and the process just repeats and repeats.
Upon further reading on the net I understand BOOT SAFE modifies the BOOT.INI and now the computer will always want to boot in safe mode, unless we can somehow fix the boot.ini file again.
I also have the Windows Recovery Console installed but I get the BLUE SCREEN OF DEATH when I run it. The last line of which reads:
****STOP: 0x00000007B (0xF78D2524, 0xC000000034, 0x0000000000, 0x000000000)
Lastly, I found out about this AVG rescue disk that can be copied onto a USB flash drive to force the computer to use it to boot. The problem is my computer's boot order does not show removable disk/USB options (it has HDD, CD ROM Group and Floppy Group only).
This is driving me crazy, please help!
UPDATE 2: I am sorry to be commenting for a third time before you have had a chance to respond to my first message. I understand it will push me further down the list for when you can reply to me, but I thought it is important to let you know the following:
- Following the situation in my previous update, I borrowed an Ubuntu (Linux OS) boot CD from my neighbour, and it allowed me to see the file system. I renamed the BOOT.INI.SAB to BOOT.INI and BOOT.INI to BOOT.INI.SAB2.
I read somewhere that SUPERAntiSpyware creates this .sab or .bak file of the boot.ini as it was before any changes.
This did the trick as the BOOT.INI.SAB did not have the command to enter safe mode, therefore now I can at least start Windows.
But all the other problems still remain... and I cannot access safe mode the normal way and other problems etc.
Looking forward to your reply.
EDIT: Posts merged ~Budapest
Edited by Budapest, 03 May 2011 - 04:38 PM.