Win7 infected by Autorun Virus!

The only thing I am seeing that needs removal is this:
C:\emhyd.exe

The scans seemed to have taken care of the remainder of the malware. What malware issues are you still having, if any?

 

Tim,

You need to see logs from normal boot mode first.

 

I knew I was forgetting something!! :-o

I totally missed the Sality infection. Thanks thisisu!!


Todd2007 ----

Registry editing and also Task Manager will be constantly getting disabled which is due to the Sality infection you have. This can be seen by the below seen your system.ini file.

[MCIDRV_VER]
DEVICEMB=1186549455

For additional info, see W32/Sality.ai also see the below. There are many forms of Sality:

Virus:Win32/Sality.R

Virus:Win32/Sality.AT

These types of infections frequently require a reinstall to properly removal all traces and to fix the damage it causes.

You can try the below tools but I have never seen them work properly:

http://free.avg.com/us-en/win32-sality

http://support.kaspersky.com/viruses/solutions?qid=208279889

 

Sadly, you will need to do a clean install. Backup any files or data that you can and then do a reformat and clean install.

 

Is this a desktop or laptop comuter? In either event, you will probably have to remove the hard drive and slave it to another computer to remove your files and data. I suggest you post in the software forum for any assistance you might need with doing that.

Make sure that any computer you attach this drive to is well protected and all the virus definitions are up to date.

 

You are welcome. Do post in the software forum for additional assistance with slaving your drive and accessing your files. :major

 

Great to know. Safe surfing.