Posted 30 December 2011 - 04:59 PM
First I wish to point out two things: One, I am not a tech specialist so I may use the wrong names for stuff and I apologize in advance. Two, I am making this post from a borrowed netbook for reasons that shall be explained further in the post.
The computer having this problem is a 1 year old Gateway laptop, model # NEW90; NEW91, Machine type NV59C series, Intel Core i3-370M processor. The operating system is Windows 7 Home Premium edition 64 bit.
How it started: About December 17th, I got this popup for Windows 7 Antivirus 2012 (or something extremely similar in name) saying I was infected and my computer was on the verge of death and all kinds of other melodramatic stuff. I didn't buy into it (it helps having a friend in tech college) and instead used Norton and Malwarebytes to slay it. At the time I thought that was that. Then the next day it was back. I killed it again, from safe mode both times. Then off and on for the next few days I kept getting trojans and malware and stuff and having to purge my system. And then last night is when the whole thing decided to go to hell in a handbasket.
I returned from a brief outing and woke up my laptop to find it had rebooted while I was out. It then proceeded to have a BlueScreen of Death 7 more times through the night and early morning hours. Whenever I would boot the computer normally, it would have another BlueScreen about 5-10 minutes later. Safe mode was the only way I could really do anything. I used Safe Mode with Networking so I could use YIM to connect with my more tech-proficient friends and get some help. One friend got a friend of hers to try TeamViewer to my computer since he is a coder, and he tried helping me. We tried everything we could think of: Malwarebytes, Norton, Avast, downloading special tools, he tried running ComboFix while in TeamViewer, killing via Task Manager, killing via command prompt, killing via simply renaming the file extension to something not executable. None of it worked. Then this morning I got up and tried contacting Norton customer services, and using Norton Power Eraser. No dice. Eventually my college friend found a method to try, but I had to reboot and open Safe Mode with Command Prompt. Which brings me to where I am now...
The Current Situation: Upon attempting to shut down and reboot, I could not load Windows. I cannot access the boot menu (F8 key) on my computer. It either does nothing or gives this series of beeps like the thing is swearing at me. I can access the F2 BIOS menu, and the F12 boot options, but I cannot get the advanced startup options from the F8 boot menu. I've turned my computer off and on several times. It either gets stuck in this loop where it flashes the Gateway logo, then blank, then logo again, then blank, etc., or it just goes to the Gateway logo and then to either a blank screen or a blank screen with a little white horizontal line flashing in the upper left corner. I can't even access safe mode, let alone boot normally. Which is why I'm making the post on this borrowed netbook.
What I know about the source: Unfortunately, due to not being on my own computer I cannot provide scan logs, screenshots, or anything of that nature. However, I do know some information that may be useful to anyone more technologically knowledgeable than me. The trojan in question is called svchost.exe, and the primary difference from the legit version that shouldn't be messed with is that it has the wrong filepath. The fake is located in C:/Windows, while the legit version is found in C:/Windows/System32. Another difference is that in the Processes tab of Task Manager, the trojan has "*32" after its name, distinguishing it from the non-malignant processes. Attempting to delete it simply causes another copy to respawn in its place. Attempting to kill the process in Task Manager or even the whole process tree causes it to auto-reboot instantly. Trying to do "del svchost.exe" from command prompt has so far resulted in an 'access denied' message. Doing "ATTRIB -H -R -S svchost.exe" does nothing. Antivirus scans either fail to remove it or mistake it for the legit file and give it the green light.
And what may be the freakiest part is, whenever I come across something that seems like it has a viable chance to remove it (downloading Avast after successfully downloading other tools that failed, or not letting me boot at all when I need to boot in safe mode with command prompt, for example), something seems to happen to screw up the attempted removal, like the thing is actively trying to thwart me.
My college friend is going to try to help me do a force boot from the BIOS menu, but I am not sure how that will work. Nuke and pave is kind of out of the question, since I currently cannot locate the CD to restore Windows. If we manage any progress I will try to edit this post with updates. Any and all assistance is greatly appreciated.
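A defender-side check for the tells the post describes (an svchost.exe running from the wrong directory, and one that does not behave like a real service host), added here as an example; it is not code from the original post. It assumes Windows PowerShell on Windows 7 or later, run from an elevated prompt, and a flag only means "look closer", not "confirmed malicious".

```powershell
# Added example, not from the original post. Lists running svchost.exe
# instances and flags any that break the expected layout: the genuine binary
# lives in %SystemRoot%\System32 and is started by services.exe with a
# "-k <group>" command line. Assumes Windows PowerShell 2.0+ on Windows 7+,
# run elevated so every process path is readable.
function Get-SuspiciousSvchost {
    $system32 = Join-Path $env:SystemRoot 'System32'

    foreach ($p in (Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'")) {
        $reasons = @()

        # 1. Image path. Anything outside System32 (C:\Windows\svchost.exe as in
        #    the post, or the SysWOW64 copy that shows as "*32" in Task Manager
        #    on 64-bit Windows) is unusual for a service host.
        if (-not $p.ExecutablePath) {
            $reasons += 'image path not readable (run elevated)'
        } elseif ((Split-Path $p.ExecutablePath -Parent) -ne $system32) {
            $reasons += "unexpected path: $($p.ExecutablePath)"
        }

        # 2. Parent process. The Service Control Manager (services.exe) starts
        #    every real svchost; another parent, or a dead parent PID, is not normal.
        #    (A dead PID can also have been reused, so treat this as corroborating.)
        $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
        if (-not $parent) {
            $reasons += "parent PID $($p.ParentProcessId) no longer exists"
        } elseif ($parent.Name -ne 'services.exe') {
            $reasons += "parent is $($parent.Name), not services.exe"
        }

        # 3. Command line. Real instances are invoked as "svchost.exe -k <group>".
        if ($p.CommandLine -notmatch '\s-k\s+\S+') {
            $reasons += 'no "-k <service group>" argument'
        }

        New-Object PSObject -Property @{
            PID        = $p.ProcessId
            Path       = $p.ExecutablePath
            ParentPID  = $p.ParentProcessId
            Suspicious = ($reasons.Count -gt 0)
            Reasons    = ($reasons -join '; ')
        }
    }
}

# Show only the instances that tripped a check, with the reasons.
Get-SuspiciousSvchost | Where-Object { $_.Suspicious } | Format-List PID, Path, ParentPID, Reasons
```

Run it from Safe Mode with Command Prompt (powershell.exe is available there) to get the process list and paths that the post could not capture; the output is the kind of evidence a helper would ask for before deciding how to remove the file.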