I have a computer that is severely infected with probably more than 5 viruses or trojans and probably with a rootkit. When I try to do anything on the computer from its built-in Windows 7 OS, the malware kills active tasks, windows and processes and the screen/active window flashes between active processes when it starts killing windows/processes or is doing something. Also sometimes it tries to shut down the computer by showing the Shut down/Turn off computer window. Because of this, I am unable to run virus scanners directly from the built-in OS and also from a separate CD drive that is read-only. Also I am sure there is at least one fake virus scanner installed (360?) and another called Thunder networking which is not a "virus scanner", and the malware has infected the system files including the WINDOWS folder and the i386 folder, and possibly even the BIOS.
First I tried to run tools from within the Windows 7 OS: I tried to kill the active malware processes using Rkill, but it did not find/kill any processes. Then I ran the McAfee Stinger but it was terminated by the malware after 30 secs-1 min of running. I tried to use Hiren's Boot CD (v10.6) to remove the malware by scanning the hard drive as a data disk, but when I run the Mini XP on the Hiren's CD and run scanners like GMER or SuperAntiSpyware or CWShredder, by 5-15 minutes after running the scanner, the malware always kills them, closes all running windows, and tries to shut down the computer by showing the Windows Shutdown/Turn off computer window. And this is with me running Mini XP from Hiren's Boot CD and I am using a CD-R with a read-only disc reader.
When I ran GMER and some other scanners, some error prompts showed up that said some WINDOWS/System/config files and other system files including the registries were missing or something, so I am very sure that the System files are infected so I cannot run the Boot CD correctly. I think there are 5 partitions on the hard disc (probably some made by the malware) and the ones that are used when running the Boot CD's Mini XP are X: and another one. The X: drive's i386 system files are missing or infected and I don't know if they are the ones from the computer or on the Boot CD. I don't know if the Boot CD itself was already infected, but I downloaded the iso from Hiren's website, not from a third-party. I'm sure I burned the image correctly because I used RAW SAO (1:1) and burned at 16 for the first disc I ran (which became infected when I ran the CD in the computer's disc reader which was also a writer), and burned at 10 for the second one, so I'm sure the data isn't corrupt.
So the problem is: I cannot run GMER to get a log because the malware kills it, I cannot run Stinger because it also kills it. I used a Boot CD from a separate disc reader to run them, but the malware still killed them and tried to shut down the computer. I don't know what I should do and what other tools I can use in this situation. I don't know what malware is in the computer, so I think I should probably run a malware identifier scan. But I don't know the best tools to use. Can you guys guide me through the malware removal process? (P.S. I will post the logs here, but I posted this in the problem thread too).
Update: After running Kaspersky Rescue Disc 10, it found nothing. The malware was still attempting to terminate the scanning window/process.
Edited by Mr. PH, 07 January 2012 - 07:41 PM.