programs won't start, calendar instead, and no MG tool access

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by kerryh_r, Oct 12, 2010.

  1. kerryh_r

    kerryh_r Private E-2

    I'm trying to fix a problem with a friend's PC. He has German Vista 32 Home Basic V6 SP2 installed on a 2 yo laptop.

    Whenever we boot up, the Windows Calendar is popping up.
    Other symptoms are, none of the tools recommended in the Readme 1st run, the calendar always starts instead. Can download, but not install, calendar pops up.
    Cannot access CMD prompt, and hence MSCONFIG.
    Task Manager and right clicking are available, but no administrator rights.
    Attempting to boot in Safe mode, the system hangs. Have waited 10 minutes plus.

    IE works, Chrome no longer, get the damned calendar. NB: not the one at the bottom right.

    I'm at a bit of a loss as I can't run any of your tools, or produce any logs.

    Has anyone experienced this, or got any advice?
     
  2. evilfantasy

    evilfantasy Malware Fighter

    Try not to restart the computer until one of the tools we use does it for you or tells you to.

    You may need to use a Flash Drive or CD to transfer over any of the files that you can not get to download to the infected computer.

    If one of the tools will not run just go on to the next one. Save the logs to post in your next reply.

    1) Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the next one.

    Vista and Windows 7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe

    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * When finished it will create a log.
    * Please post the rkill.log in the next reply.

    * If Rkill does not run from the first link, delete the file, then download and use the one provided in Link 2. If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.

    If you are having problems running Rkill, you can download iExplore.exe or eXplorer.exe, which are renamed copies of Rkill.com, and try them instead.

    * If Rkill does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run then try to immediately run the following.


    2) Download and run exeHelper

    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up, press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com
    * Add the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).



    If you already have them installed, be sure to update Malwarebytes and SUPERAntiSpyware before the scan!

    Now run this: Using Malwarebytes Anti-Malware

    Now run this: SUPERAntiSpyware - running & getting a log

    Now run this: Using MGtools

    Logs needed:


    • Rkill
    • exeHelper
    • Malwarebytes
    • SUPERAntiSpyware
    • MGlogs
     
    Last edited: Oct 12, 2010
  3. kerryh_r

    kerryh_r Private E-2

    They download OK, but none of your tools run. Many applications, not all, have a strange icon. For instance IE is OK, Chrome not. All the MG tools are the same, and when downloaded simply start this Windows Calendar.
    And as I said, we can NOT run anything as administrator. That option is not even available.

    I put the tools on my thumb drive, and had the same scenario.

    Can you suggest something to create a boot up CD, or boot up flash drive, rather than downloading files to them? If we can get a boot from those rather than the hard disk, I can start running your tools.

    Many thanks
     
  4. evilfantasy

    evilfantasy Malware Fighter

    Avira AntiVir Rescue System

    1. Download the Avira AntiVir Rescue System
    - If you need a free burning application, CDBurnerXP works on all operating systems from Microsoft Windows 2000 SP4 onwards.
    2. Place a blank CD in your burner and double-click on the downloaded file.
    3. The program will automatically burn the CD for you.
    4. Place the burned CD into the affected computer and start the computer with the CD in the CD tray.
    5. On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
    6. Click on the Configuration button.

    - Select Scan all files
    - Select Try to repair infected files and Rename files, if they cannot be removed
    - Select Scan for dialers
    - Select Scan for joke programs (Jokes)
    - Select Scan for games
    - Select Scan for spyware (SPR)

    7. Click on Virus scanner
    8. Click on Start scanner at the bottom of the screen.

    9. Let Avira finish its scan and then remove any threats found and then exit out of the scanner.
    10. Take the CD out of the CD/DVD tray and then restart the computer.

    If needed see this Tutorial for the Avira Rescue CD
     
  5. kerryh_r

    kerryh_r Private E-2

    Thanks, I've burnt that, and will try it in the morning on his laptop.

    Just out of interest, does anyone have knowledge of this malware/virus? Its attributes, particularly starting this Windows Calendar, seem quite specific?

    I'll give an update on progress tomorrow.

    Thanks again
     
  6. evilfantasy

    evilfantasy Malware Fighter

    I'm not quite sure what's going on so far. We rely on the logs from the READ ME to point us in the right direction and since you can't get any of the scanners to run then it's impossible to guess what this might be.

    It could be a nasty bit of malware but could also be a corrupted OS... or a combination of both.

    Keep us posted. If you can get the logs from the READ ME once the Avira scan is complete then I will be happy to have a look.
     
  7. kerryh_r

    kerryh_r Private E-2

    I have to confess, the guy downloaded and installed something, after I told him he had all the stuff he needed to keep him safe.
    If I had a penny for all the people whose machines I have fixed that told me "I didn't install anything, or browse dubious sites", I would be pretty wealthy.

    As soon as I get more info, I'll post it. I've seen nothing on the web with these symptoms, and had never seen this "calendar" before and I've been using PCs over 20 years.
     
  8. kerryh_r

    kerryh_r Private E-2

    Latest is, the Avira AntiVir Rescue System continually hangs. Switching language, switching options. We got it to run twice, took two hours, but was unable to back out properly, it just hangs again.
    Since then, still cannot get into Windows at all, safe mode locks up accessing our virus avg????.sys file. Normal mode, Windows starts, then a black screen, then the pointer appears, then nothing.

    Got a Vista recovery disk and was able to boot with that, and get into DOS prompt and run SUPERAntiSpyware. Final situation as above.

    After two stints of this, I feel a reinstall is simpler. He'll have to reinstall his apps too but, a) there comes a point when the time spent is not justified, b) he didn't listen, and c) Windows is seriously starting to piss me off after the umpteenth time of trying to fix a problem on this, or other machines.

    It frustrates me not to get to the bottom of it, but I can't waste a third afternoon trying to fix another poxy Windows problem. I'm going Ubuntu.
     
