Virus has taken over. Cannot Process ReadMe. Help!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by TonyV1692, Dec 20, 2010.

  1. TonyV1692

    TonyV1692 Private E-2

    Hello,

    A virus has taken over my computer. I am unable to launch any applications after start up without getting the following warning:

    Insufficient Systems resources Exist to Complete the Requested Service

    I have SUPERAntiSpyware Professional and it caught it during the download of GameVance - I think. I immediately ran a complete SCAN and it found numerous instances .. services and applications .. related to this intrusion. However, it was unable to complete the quarantine process and closed down.

    I was able to remove the GameVance program from Windows Remove Program utility. And then shut down. Starting back up was when I encountered the current issue.

    I booted in SAFEMODE and am still unable to open any application. I tried START/Programs and SUPERAntiSpyware Alternate Start and got a different warning:

    RunSAS.exe application error. The application failed to initialize properly (oxc000142). Click OK to terminate the application.

    Basically, I am stuck as I'm not able to complete any of the READ ME tasks. After more than an hour of restarting computer, I’m able to open Windows Task Manager and it appears winlogon.exe is consuming 99% of the available CPU.

    For the record, I did complete all the tasks in the MALWARE READ ME instruction and worked with a tech to clean my computer. I also purchased SUPERAntispyware Professional. I also have Spybot, Spyware Blaster and Malwarebytes per the instructions and have run the scans within the last 5 days.

    Please help
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You last ran scans on 8th December this year. Then I declared your machine to be all clean, which it was. If you have run scans in the last 5 days then you need to attach them. But from what I can gather, you are re-infected, and cannot run any tools. Mixed messages there.

    Just do this, see how you get on.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click and choose Run as Administrator

    You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.
    1. Rkill.exe
    2. Rkill.com
    3. Rkill.scr
    4. Rkill.pif
    Once you've gotten one of them to run then try to immediately run the following.


    Download and save the below to your PC (save it anywhere you can find it. The Desktop is fine). Then double click on it to run it.

    AVPFind.bat

    It should take a couple minutes to run. You will see a black command prompt window while it is running and it should close when it is finished. Once it finishes, attach the c:\avplog.txt file that it will hopefully create as long as the malware does not block the batch file from running. (See: HOW TO: Attach Items To Your Post )


    Now download and Run exeHelper
    • Please download exeHelper to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file named log.txt will be created in the directory where you ran exeHelper.com
    • Attach the log.txt file to your next message.
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


    Also please try running the below online scan:

    http://www.superantispyware.com/onlinescan.html

    Reboot immediately after scanning if it finds and removes anything. Let me know if anything was found. See if you can save a log with it.


    Then try running these instructions: Using MGtools


    Attach the below logs when finished with all of the above:
    • C:\avplog.txt - from AVPfind
    • a log from online SAS scan if you could make one
    • log.txt - from exeHelper
    • C:\MGlogs.zip - from MGtools
    The C:\ assumes that drive C is your Windows boot drive. If you boot from another drive, then use the correct drive letter above.
     
  3. TonyV1692

    TonyV1692 Private E-2

    Thank you Kestrel13. I believe you are right in that I am reinfected. Just in the last 24 hours. Sorry for the mixed message. I believe SAS caught it but was not able to quarantine it.

    The problem I have is that winlogon.exe is consuming 99% of my CPU so I am not able to perform any of the tasks you suggested in your reply.

    Is there anything else I can do? I may try to login via SAFE MODE NOT Connected to the Network to see if that helps. However, at this point I am stuck.

    I am sending these notes from another computer.
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, try with safe mode.
     
