No program will open at all

I am very puzzled as I know my Internet is connected but firefox will not open. No other program will either. All that happens when I attempt this is the cursor doing a twirly dance. Firefox will not open in safe mode either. Unfortunately my computer says I have no restore points. This all started today when my computer inexplicably crashed. I donot have malwarebytes installed but I have tried running lavasoft adaware to no avail. It wont run either. What can I do?

 

I cannot seem to dl any of the registry kills. I am using a different computer to try to dl them but the mcafee keeps saying its a trojan and blocks it. I try to disable it but I am not having any luck.

By the way I tried to run malwarebytes from the usb stick and nothing happened. EXE file like all the others I guess.

 

I am having to do all of this on another computer since mine will not run any programs. I did download roguekiller and put in on my desktop from the usb stick. I tried running it as administrator and regularly to no avail. I did get a prompt saying "run this ok?" sort of thing but nothing happens after I say ok.

 

Ok. So if I burn one of these onto a c Dr how do I then boot from it. I tried putting the disc in and double clicking but nothing happens.

 

Ok thanks. The guide says to check the rename rather than remove option. Its scanning now and has detected a worm and a Trojan do far. So the infected files will still be there just rendered harmless? Should I not try to remove them. Thank you for all the help.

 

I have just used the avira rescue Cd. It found only two infected files. Both were deleted, but with reboot the problem persists. No programs open. I guess its on tot trying the other rescue cds out there. Trinity etc. Is there a point trying the lot?

 

Windows 7

 

And for my next act.... during one of the rescue Cd s the computer froze so I did a forced restart with the power button. Now I cannot do anything to make the computer turn on. The rescue disc is still inside.

 

Never mind the last post. I got the computer to turn on

 

So I tried all the rescue Cd s listed but the problem persists. I was unable to do many of them such as Trinity because they require Internet access, something that is blocked apparently. I am connected but firefox will not open. I guess their Internet is not accessible for similar reasons by the rescue cds. I will be trying the other methods listed and get back here.

 

I tried rogue killer in both safe And regular mode. In safe the command prompt does not dissapear as it does in regular mode but when I type 1 enter nothing happens even when changed to winlogon

 

Does not work in safe mode or regular

 

Does not run in either situation. Should I redoubt the rescue Cd now that hidden files are unhidden or does it make no difference.

 

Did not work in safe or regular.

 

Working on it

 

Ok. So I have just done this for exefiles. I saved the default reg to the desktop right click selected merge then ok ok. Should I do this for other file extensions?




It did nothing btw. ;(*

 

Strangely a restore point has appeared where in the past there were none. Unfortunately its from the 13th so I doubt it would be any help since this happened on the 12th.

 

Likely unsignificanf but disc cleanup does work and defragging does too at least until it keeps reaching pass 2 50% and then goes no further.

 

Ok I will try. Its pesky and doesn't want to close no matter what I try.

 

I cannot uninstall on that computer as it isn't mine but I will keep trying to temporarily disable it. Thanks for all the help.

 

The computer that has the problems of not running programs is mine. The one I have been trying to use to dl rkill belongs to a family member. It has mcafee installed and I worry that if I try to uninstall it there will be problems. Its too bad that one cannot just download this in a rarfile or something that wouldn't get blocked.

 

It dled! It prompts me when I click on it. This is blah blab, ok? After accepting nothing happens. I'm assuming something should? Maybe rkill with a different extension will run?

 

Nothing. Should rkill do something after it is clicked? Does a menu appear or something?

 

Hi aoikirin,

I will try to help you get started so you can complete the procedures outlined by Kestrel13!.

First try booting into Safe Mode with Command Prompt
In the Command Prompt window (the black box), type the following command press ENTER

• sfc /scannow

This will take a few minutes to run and check for system files that may need to be repaired. Be patient.
When it's finished, it should let you know if it found any errors and if it was able to fix them or not. A reboot most likely will be required. Even if you are not prompted, reboot into Normal Mode and try to run ComboFix.exe from the desktop.
__________________________________________________________________________________

If you are still not able to run anything then proceed with the below:

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• • 
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (How to attach)

 

Rkill does not seem to help as the exefiles still will not run. But I'm not convinced it ran properly. Other than a general window asking for confirmation to allow it to run nothing opens.

 

exehelper is blocked by antivirus software. Would it be possible to upload it as a rar file please?

 

Hi,

Skip exeHelper for now.

Try to complete the directions I have outlined for you. If you are having trouble with those, let me know.

I am thinking you have a new type of TDL (aka Alureon) infection (TDL5?)
There is another user with very similar symptoms as you: http://forums.majorgeeks.com/showthread.php?t=249598

Running FRST at this point would be our best bet to see what type of malware problems can be seen (if any). But do try to run the sfc /scannow command as requested first!!

Just by reading those two threads it sounds like any time you try to run any program that requires permission by Windows Security Warning (see pic below), then it is blocked (even if you press Yes)
http://img706.imageshack.us/img706/6734/acceptj.th.png <--- XP

Is a prompt from User Account Control (UAC) popping up for you since you are in Vista to accept to run programs or not?
http://upload.wikimedia.org/wikipedia/en/thumb/5/51/Windows_7_UAC.png/310px-Windows_7_UAC.png <--- Vista/7

Or does it look just like the Windows XP version? UAC should have been turned off since we are doing malware removal but I'm unsure if you were even allowed to do that.

Let me know please

Good luck and once again let me know if you need help with the FRST instructions.

 

Here is the text report.
The scan in safemode found nothing, and combofix does not run

 

Did you run FRST while in the recovery console as instructed?
This looks like you ran FRST from within Windows.

You may need to rerun FRST and attach an updated log.

 

Recovery console? Is that safe mode

 

No. I posted the full instructions on what you are supposed to do here

You need to also answer my questions so we have a better understanding of your infection and so that I may help you better.

Were you allowed to turn UAC off?
Were you allowed to type in sfc /scannow from Safe Mode with Command Prompt?

 

I'm sorry I am doing my best! I will try harder to comply with your instructions I promise.

Here is the text file. I think I did it the right way this time.