Malware blocks Malwarebytes

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by kmaccoy, Oct 6, 2011.

  1. kmaccoy

    kmaccoy Private E-2

    I am having an issue with a piece of malware. I am constantly getting messages from my anti-virus (Symantec) that websites, which appear to be nothing more than random character strings, have been blocked. This occurs whether I am actively using the internet or not.

    I have tried performing scans with the antivirus but it will not perform the scan. Instead it locks up at about 1%.

    I tried to run Malwarebytes but it crashes after about 13 seconds. When I try to re-run Malwarebytes I am told that I do not have permission to access the file.

    The task manager shows a process running with the name "#########:#########.exe" where the #'s are random integers. This process will not terminate. I have tried forcing it to end using TASKKILL in the command prompt but it does not terminate even though TASKKILL says it successfully terminated.

    In addition I cannot load in safe mode. The system loads the drivers when I select safe mode but then reboots and attempts to enter normal mode.

    I have tried restoring the system to a previous date twice with no success.

    Thanks
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click and choose Run as Administrator

    You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
    1. Rkill.exe
    2. Rkill.com
    3. Rkill.scr
    4. Rkill.pif
    Once you've gotten one of them to run then try to immediately run the following.


    Now download and Run exeHelper
    • Please download exeHelper to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file named log.txt will be created in the directory where you ran exeHelper.com
    • Attach the log.txt file to your next message.
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


    I want you to run TDSSKiller so refer to the below for how to do so.

    TDSSkiller - How to run


    Please also download MBRCheck to your desktop
    • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )

    Then continue on with these instructions appropriate for your operating system READ & RUN ME FIRST. Malware Removal Guide
     
  3. kmaccoy

    kmaccoy Private E-2

    Kestrel,

    I followed your directions; the associated log files are attached.

    Thanks for your help. Hopefully we'll be able to fix this.
     


  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

  5. kmaccoy

    kmaccoy Private E-2

    I ran SUPERAntiSpyware and Malwarebytes. Both the log files are attached. I tried to run Combofix but it just stuck at a blue prompt screen with no text. As the directions recommended I skipped it and ran RootRepeal and MGtools; the log files are also attached.

    Everything seems to be running fine now and the system seems stable. I will give it a few days and then toggle the system restore per your advice.

    Thanks again!
     


  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Why am I not seeing any AV protection on this system?

    Do you have your XP CD?

    Please use add/remove programs to uninstall:
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 5
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.1_02
    Java(TM) 6 Update 2
    Java(TM) 6 Update 26
    Java(TM) SE Runtime Environment 6 Update 1

    Use windows explorer to find and delete:
    C:\Program Files\AntivirusPro_2010

    Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now, if you don't have your XP CD, you can make a recovery console disc here:
    This is a download of an .iso file of just the Recovery Console for XP.
    Burn to CD with Nero or other 'disc image' capable tool and boot.

    XP Recovery Console.

    You can use ImageBurn to create the disc.

    Boot into your BIOS and change the boot order to CD/DVD as first boot device. Insert the disc and reboot. Once in the Recovery Console, type this:
    fixmbr

    Exit out and reboot to normal mode.

    Download OTL to your desktop.
    Double-click OTL.exe to start the program.

    • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code

    Code:
    :processes
    :otl
    :files
    C:\WINDOWS\3057707195
    :commands
    [PURITY]
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]
    
    
    • Then click the Run Fix button at the top.
    • Click the OK button.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Just close notepad and attach this log from OTL to your next message.


    Now download and install:
    Java Runtime 7

    Re-run MBRCheck and attach the new log. Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator). Make sure that you watch for the license agreement for TrendMicro HijackThis and click on the Accept button TWICE to accept (yes, twice).

    Then attach the below logs:
    * OTL log
    * MBRCheck log
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
    Last edited: Oct 8, 2011
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    @TimW and Kestrel13!, Don't forget the rest of the Zero Access infection. Like the below still exists
    Code:
    "C:\WINDOWS\"
    305770~1      Oct  5 2011           0  "3057707195"
    Which means you likely have more.
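    The two indicators this thread turns on are a process named like "digits:digits.exe" (post 1) and a purely numeric folder under C:\WINDOWS such as 3057707195 (this post). The following is an added triage helper, not a tool from MajorGeeks or any of the posters; it flags those two naming patterns from captured listings so a helper can see at a glance whether ZeroAccess-style leftovers remain. The tasklist lines and the directory entries below are constructed samples, and the regex thresholds (six or more digits for a folder name) are my own assumption. It only reports; cleanup still follows the instructions in the thread.

```python
import csv
import io
import os
import re
from typing import List, Tuple

# Process names of the form <digits>:<digits>.exe, as described in post 1.
PROC_PATTERN = re.compile(r"^\d+:\d+\.exe$", re.IGNORECASE)
# Purely numeric folder/file names under C:\WINDOWS, as in post 7.
# The six-digit minimum is an assumed threshold to avoid short legitimate names.
NUMERIC_NAME = re.compile(r"^\d{6,}$")

# Constructed sample of `tasklist /fo csv /nh` output; not from the poster's machine.
SAMPLE_TASKLIST = '''"System","4","Console","0","236 K"
"explorer.exe","1532","Console","0","21,540 K"
"1234567890:3057707195.exe","2016","Console","0","3,112 K"
"svchost.exe","988","Console","0","4,880 K"
'''

# Constructed sample of entries in C:\WINDOWS; "3057707195" mirrors the thread's finding.
SAMPLE_WINDOWS_ENTRIES = ["system32", "3057707195", "explorer.exe", "Temp", "Prefetch", "12"]


def suspicious_processes(tasklist_csv: str) -> List[Tuple[str, int]]:
    """Return (image name, PID) pairs whose name matches the digits:digits.exe pattern."""
    hits = []
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) < 2:  # skip blank trailing rows
            continue
        name, pid = row[0], row[1]
        if PROC_PATTERN.match(name):
            hits.append((name, int(pid)))
    return hits


def suspicious_numeric_names(entries: List[str]) -> List[str]:
    """Return directory entries that are nothing but a long run of digits, sorted."""
    return sorted(e for e in entries if NUMERIC_NAME.match(e))


def scan_windows_dir(path: str = r"C:\WINDOWS") -> List[str]:
    """Live variant: list the real Windows directory and apply the same filter.

    Returns an empty list when the path is not readable (e.g. on non-Windows hosts).
    """
    try:
        return suspicious_numeric_names(os.listdir(path))
    except OSError:
        return []


if __name__ == "__main__":
    print("Suspicious processes (sample):", suspicious_processes(SAMPLE_TASKLIST))
    print("Suspicious names (sample):", suspicious_numeric_names(SAMPLE_WINDOWS_ENTRIES))
    if os.name == "nt":
        print("Suspicious names in C:\\WINDOWS:", scan_windows_dir())
```

    On a Windows host, pipe real output in with `tasklist /fo csv /nh` and pass it to suspicious_processes; the same filters work on a saved listing from an offline disk, which is the safer way to look when, as in post 1, the process resists TASKKILL and safe mode does not load.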
     
  8. kmaccoy

    kmaccoy Private E-2

    Tim,

    I do not have an XP CD. I did remove all of the Java Applications as you instructed, however C:\Program Files\AntivirusPro_2010 is not present on my system.

    Should I continue with the Registry Repair?

    (By the way I am running TrendMicro OfficeScan as my AV)

    Thanks for your help.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, carry on with the instructions I gave you. You can also make a Recovery Console disc by doing as I instructed to fix your MBR. Attach the requested logs once you are done.
     
  10. kmaccoy

    kmaccoy Private E-2

    TimW,

    I was able to successfully merge the registry file but when I went to run FixMBR I got the following warning:

    My system seems to be fairly stable so I was wary of potentially losing access to the data I currently have stored on my drive.

    Please advise if you think further action is necessary.

    Thanks again.
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That is just a standard warning whenever one tries to re-write the MBR. Unless you are on a Dell computer, you can safely go ahead and re-write it.
     
