Virus killed WIndows, cannot even log in

My computer has a virus. My son (11) clicked on one of those false virus warnings and downloaded Vista Internet Security. Vista Internet Security then downloaded a whole host of other things. I was able to run an anti-spyware program and remove most things, however, the Vista Internet Security started messing with my ability to log on and off, and to switch users. I just logged into "Safe Mode" and all I get is a black screen and the curser.

I've had a similar virus before and I was able to log in from another user and eliminate the virus. But now, I cannot log in at all, and I have no idea what to do.

The computer is a Sony Viao running XP.

THanks

 

Ok, I'm not trying to bump. Just to give more information.

I am able to log into the computer now, however when I try to log into the main user/admin account, windows does not function at all. I get a black screen and the cursor. I am able to force explorer to come up from time to time from the Task Manager, but its intermittent.

I can log into one of the other users. When I do that, I can run anti-virus. I ran both Superantivirus and Malwarebytes, and then both claim to eliminate the virus, however, they clearly do not. Because when I log in again, the virus is still there. I cannot run either from the admin account because the virus stops it. I cannot download rkill to stop the virus, because I cannot access the internet from that account.

I tried a system restore, but that was damaged and will not work. I get an error message.

I tried using an external drive and running the antivirus from a thumb drive on my admin account, but I cannot get the admin account to recognize the thumb drive.

I was wrong, btw, I'm running Vista on that computer, which I suppose makes sense since the virus is the Vista Internet Security 2011 virus. It also loads all these trojans and things onto the computer.

I really don't know what to do. I don't know what I can't remove the virus when the virus seems to get removed from the other user account. Also, every time the system system restarts, I get a blue screen error where the system tells me its dumping memory or something. Huh?

Thanks

 

I was able to run Malwarebytes and Superantivirus. Everything else won't download or run. I'll post what I can as soon as I can figure out how to get the logs up to the net, because the virus is blocking my access to the internet.

 

I got this log. So far, that is all I've gotten to work.

 

I'll try safe mode. At the moment I'm having issues getting the system to boot at all. I'm booting from a disk. I'll try a thumb drive. Can I run them all from the thumb drive somehow?

 

I tried that. Didn't seem to change anything. I've been trying to get rkill to run based on suggestions from another board. However, every time I move the program to the desktop, even on the other account, I get kicked to a blue screen error. Safe mode and regular mode doesn't matter. Running them from the thumb drive doesn't work either.

I tried something called tdsskiller. I changed the name. Nothing. Blue screen error.

Combofix doesn't even get as far as loading. I get an error even after I rename the program.

I can't copy the MG tools to the C: I get a windows explorer fail. I can copy it to the deesktop, although I'm not sure that helps?

What the heck is on my computer? I've never had a virus like this before. It seems to have corrupted windows quite a bit.

I am starting to wonder if I just need to reinstall windows.

 

The account I am trying to use doesn't have administrator rights. Is there a way to change that from the dos prompt? I can get in there from the boot disk. This means that I cannot copy MGTools to the C: root drive. Trying to do anything on my other account is pretty pointless. As soon as I log in there, 15 windows pop up and the system totally freezes.

 

I got this to run.

 

I got MGTools to run by sneaking in through the explorer window and downloading from a thumbdrive.

I'm sorry I am not doing this in the order you ask for. I am just getting anything I can run to run in any way possible.

 

I was running Iolo antivirus. I have no idea where it went or why. It came as a package with system mechanic, but obviously it sucks, so I'm switching to something else.

 

I think I'm getting there. However, I have not been able to do everything you suggested. I was able to run hijack this and remove the things you suggested.

I FINALLY got Malware-bytes to run and it cleaned up a lot of things, and made the system respond faster. Then I ran CCcleaner and dumped all the TEMP files. THere were a lot of them. I could not get the register repair to run, and I couldn't open the Swandog program. My Iolo Antivirus reappeared (it had been disabled) and was able to run. Iolo sucks, btw. Tell everyone to avoid it like the plague. I can't understand how they can claim to be anti-virus when they obviously suck. ANd, yes, I updated regularly.

Grrrrrr

THEN on a reboot the stupid Vista 2011 virus was back again. For some reason it disables my windows so I can't see anything but a black screen on my admin account. I can get into the desktop by a trick... but when I try to run things I get the dreaded blue screen.

Is there a way to force another admin account on this computer so that I can run the antivirus and everythign else from there?

Thanks for all your help so far.

 

I can boot in safe mode, but I still get the same issue. I can't see my desktop. I CAN bring up the task manager and launch a new process. That is actually how I get into my desktop.

 

I can run avenger in safemode.

 

I'm having trouble figuring out how to get the script into the program.
Can I save it to a file? Is there something I could use that does not require opening.

 

I might need to type it by hand. Oh well.

 

The virus stops me from launching an internet browser. I am working on another computer. I need to get the text from this one to the other one. I have Avenger open, and I'm afraid to close it. If I put the text on a thumb drive I can move it, but I am not sure I can open the text when I get it on my system.

 

Ok. The program runs. Then, instead of shutting down normally, which I assume would allow the program to run at startup, I get kicked into the blue screen memory dump. I am assuming that kills anything that might eliminate viruses after a reboot.

I am wondering if there is anything that can be run from a command line prompt outside of windows? The issue is not running the programs right now, the issue is the reboot. The programs all run properly, say they will get things done after the reboot, and then when trying to reboot instead of going normally, I end up with the blue screen error.

I can also download that other program you are talking about. I'll try that next.

When I try to do the registry fix I get the same blue screen error.

Should I try rkill again?

 

DOn't ask me how I managed, but I was eventually able to get malwearbytes to run, and superantispyware to run. And I ran them over and over after several failed attempts, and after trying both user accounts, and safe mode, and the admin account.

AND...

I finally got that registry fix to load!!!

YAY!

However, I am still getting the blue screen of death when I try to run Combofix. That makes me think the virus is still lurking there.

And my browser cannot access the internet.

Tell me what to do next? Run everything again from the start and post the logs?

 

OK, so I was able to run this program called RogueKiller and this fixed some stuff and eliminated some stuff. I ran it three times, but the last two were pointless and did nothing. I ran Malwearbytes two times and SUperantispywear two times. Both came up clean. I ran Spybot search and destroy and the iolo anivirus. Also clean. Rogue killer allowed me to access the internet by fixing permissions on internet explorer.

HOWEVER,

If I run Combofix or root killer or (sometimes) Hijack this I get dumped to a blue screen error.

Also, every time I log in I get a Windows error. Plus, sometimes when I try to get windows explorer I get a blue screen error. SOmetimes I can recover from the error and get my regular desktop, and sometimes I cannot and I get a black screen. However, when I DO get the black screen, this time I can easily run programs and access explorer where in the past I have not been able to.

SO.... my questions are:

Is this b***d of a virus REALLY gone.
How can I fix this error in windows?
Why does combofix dump me to a blue screen error?

I am pretty sure, just for your information, that I got this through a vulnerability in Adobe reader. Does this mean my anti-virus sucks, or is this just because Adobe sucks.



You've been amazing. When this is over I'm gonna give you a hug and kiss.

Eve

 

OK, the MB is infected I think. I got rid of just about EVERYTHING, and things looked really good. However, when I rebooted after a system failure, I got the google redirect virus and a few others. They weren't there before, so they are new.

Every time I try to shut down the computer it does not shut down, I get the BSOD with some random warning. Usually the warning is "Internal Power error" but this varies.

I tried a couple fixes I saw elsewhere.. getting into the command prompt from the recovery disk and trying to repair the MB using various commands. NO go.

I believe this prevents my antiviruses from ever REALLY eliminating the malware which just then reinstalls the next time my computer boots up. I am running antivirus now, but without repairing the MB I am not sure I can beat this one.

I got everything important off the computer. I'm starting to think a total clean wipe and reinstall might be the solution. I've been told that reinstalling the OS does nothing, and that you have to totally clear the drive, or even replace the hd entirely.

Bleah.

If you have brilliant suggestions or plans, let me know. Is there a utility for getting rid of these master boot viruses and for repairing the damage done?

At this point, I'd be willing to take the risk of screwing up my system and play around a little since the system is already screwed either way.

I am running the entire malware removal guide from the start. When I get logs I will post them, but I don't think they will help.

Eve

 

Ok!!

IT restarted normally!!!



I was having google redirect problems too, but I followed that guide for ending that. And, it seems to be gone.

Here are some logs.

 

Runs as well as the system did when brand new. Maybe better.



Thank you SO much. You totally rock.

Eve