'anti virus pro' type malware, cannot run AV, browser hijacked etc

Discussion in 'Malware Help (A Specialist Will Reply)' started by 03056932, Oct 29, 2009.

  1. 03056932

    03056932 Private E-2

    Hi There

    Around 3 days ago I was downloading Nintendo DS ROMs and noticed my computer lock up. I've had the antivirus pro malware before and Malwarebytes cleared that up no problem, but this time the infection will shut off Malwarebytes mid-scan, then deny me permissions to access or modify the program again. It also does this with Spybot, SUPERAntiSpyware and others. My web browser is hijacked also. To begin with I was locked out of the task manager but that has stopped now.

    Following the advice in thread 201471, I have used AVPFind.bat and attached that log, run the SUPERAntiSpyware online scan and posted the MGtools zip file.

    I have tried using the super online scan but it freezes halfway, locking up the PC. I've attached a screenshot of when this happened as I'm hoping the file/registry value it was on at the time might help. IObit Security 360 did find 'spyware.win32/Dropper C:WINDOWS\win32k.sys'. In fact it seems to have caught that more than once.

    I'm truly grateful for any help you can offer so I'll be waiting patiently for a response.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Now download and save this XPsp3bu.exe to your C:\ root folder. You must do this properly. Now run the XPsp2bu.exe program by double clicking on it. You may or may not notice a quick flash of a black window. This is normal. The program runs quickly and just extracts some files we need.

    Now download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now see if you can get MGTools to run to completion:
    run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\Avenger.txt
    * C:\MGlogs.zip

    And if possible see if SAS and MBAM will run. If so, attach those logs.
     
