Malware Preventing the Reinstallation of Antivirus Program

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by gator717, Jan 18, 2009.

  1. gator717

    gator717 Private E-2

    Hello.

    For about two weeks now I have been battling several trojans/worms that have attacked my computer. I have managed to remove the majority but I'm still having one problem; I cannot update, run in real time or reinstall my Symantec Antivirus program. Every time I attempt to reinstall my antivirus program I have a window pop up saying my computer will shut down in 60 seconds; it also says I initiated this shutdown sequence. I usually use Mozilla Firefox but I did use Internet Explorer about two weeks ago to view some sports videos on Yahoo Sports (the videos could not be opened with Firefox). Ever since I used IE my computer started acting weird; pop up ads all over the place, additional browser windows opening and my task bar disappearing. All those problems have been fixed except the problem of my antivirus.

    Thanks ahead of time for your help!

    Best,
    Erika
     


  2. gator717

    gator717 Private E-2

    Attached is my MG log....
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's start with this:

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

    Be sure to tell us how things are running.

    Note: You need more RAM:
    Code:
    Total Physical Memory    512.00 MB    
    Available Physical Memory    62.91 MB
    
     
    Last edited: Jan 18, 2009
  4. gator717

    gator717 Private E-2

    Thank you for the quick reply.

    I followed all of the steps you provided and I still can't re-install or update my antivirus program. I still get the pop up window saying my computer will shut down in 60 seconds. I tried re-installing it in safe mode and I also got the pop up window.

    Also, thanks for letting me know about my computer's RAM.
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Is Spyware Doctor a paid for or trial version? If trial, remove it.

    I see True Sword in your program files but not in the add/remove program list. Is this something you are running?

    I also see this in the registry:
    Windows KeyHook ---> did you install this?

    I would suggest that you disable all your spyware programs, run CCleaner and then run ATF Cleaner by Atribune.

    Then see if you can install your AV.

    I am not seeing any malware in your logs.
     
