More system security

My situation is similar to some of the others, but I can't start in safe mode, can't run hijack this (even when renamed), can't open task manager. Any other options? Thank you.

Hello.

Can you do the following in Safe Mode with Networking, as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu.) Once in the start up menu, select "Safe Mode with Networking", then do the following instructions:

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

When I try to start in safe mode, I get that blue screen that tells me to restart. I can't actually get it to load in safe mode or safe mode with networking.

Hello.

Please download Ice Sword from HERE

1. Download the zip to your desktop and extract it.
   
2. Open the Ice Sword folder and then launch IceSword.exe.
   
3. Will IceSword open?
   

No, I can't get Ice Sword to open. Tried renaming it, but I still can't get it to open.

It has to be renamed to a system filename, rename it to winlogon and see if it will run.

No, I can't extract the files or open anything.

Hello.
So you can't extract? then you'll need this renamed version I've uploaded.

http://rapidshare.com/files/245748362/winlogon.exe

That worked, thanks. I'm able to open it now, where do I go from there?

[*] Then look in the left hand bottom of the program and press "Registry"
[*] When the registry list opens, drag the line between the two windows so you can see which registry hive you need.
[*] Next, open the HKEY_LOCAL_MACHINE, and navigate to the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

[*] Now look in the right side pane for one or two run values that are just random numbers.
[*] The malicious run values will also point at something like this:

C:\Documents and settings\USERNAME\Application Data\43546\43546.exe

[*] Once you have found the value(s), right click it and press "Delete"
[*] Okay the prompt and close IceSword.
[/LIST]
Then reboot.

Tools should now work, so download Hijack This via my above instructions.

-

Last edited by bobsmith4812 on 3rd July 2009, 12:21 pm; edited 1 time in total

I'm afraid I have bad news.

Your system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state.

Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (softwares) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Recent variants also modify htm, html, asp and php files.

Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.


For more information, please see Here

Instructions how to format and reinstall Windows can be found Here