Inaccessible Windows Xp

Discussion in 'Malware Help (A Specialist Will Reply)' started by ComputerHelp1, Apr 1, 2010.

  1. ComputerHelp1

    ComputerHelp1 Private E-2

    Hello. I have been fighting a malware infestation of some sort for the past 9 hours or so but I'll try to condense my story for all of you. First I'd like to say that I physically cannot carry out the procedures in the floated thread on removing malware for reasons I will explain shortly so please don't just refer me to that.

    It started somewhat randomly earlier today. I was browsing the internet like I normally would (I don't go to bad/shady sites and didn't do anything different today) and I started experiencing some pop-ups that I dismissed as Adware. I know it's not known for being a great program but Spybot has always been great for me. I thought I'd just run that like I normally do when I have a problem and it'd be over quickly. Unfortunately I seriously underestimated this malware infection.

    I first realized it was different when I couldn't open task manager. Apparently it was "disabled by the administrator" who hasn't gone on his account in two years on this computer... Hurrying up with getting Spybot out I began searching Google for some answers as to what was going on as chaos ensued on my computer. I eventually did get the task manager back through a registry editor but I had a lot worse problems to deal with. I caught it just in time before it completely uninstalled AVG and had to continually ignore the warnings of Firefox being an "extreme danger to my security."

    The most active program was called User protection (sorry the capital p key won't work on this computer; I'm pasting p whenever I need it) ironically. It was like any other fake anti-virus malware except this one seemed much more aggressive and possibly let more malware into my computer. I tried downloading Malwarebytes' Anti-Malware but found that the actual site was inaccessible to me (all other sites were fine though) and that I could not download the necessary .exe file separately as the guide I was reading instructed me to do. Spybot was able to handle a bit of the malware (deleted ~190 bad things) but some problems persisted. To make a long story short I was basically stuck.

    So feeling hopeless I decided to clean out my recycling bin. That's when it went crazy. One file wouldn't delete with a stoplight icon and was 0KB in size. I thought it was strange but left it there and tried leaving the recycling bin. The computer didn't like that and froze up on me clearing out all of the desktop and start bar. I couldn't right click or bring up the task manager. This is the state of it whenever I restart the computer.

    I've tried safe mode but nothing loads. Well nothing except for a fake anti-virus with a stoplight icon that would appear after a few seconds. I tried doing a repair installation but have not been able to complete it yet from it stopping at some steps. Right now it keeps getting stuck at the part where after it is installed it wants to help me "set up the computer." I try to click next but it always seems to be frozen at that one spot.

    Does anyone have an idea on how to fix this problem? Is anyone familiar with this type of malware? After doing some research it seems to belong somewhere in the Vundo family of viruses based on the "symptoms" I've seen. I can't find anything on the fake anti-virus that uses a stoplight icon though. I wish I could at least log on to try getting more information but unfortunately I'm stuck at that point of nothingness on the screen but my background. All I can give is some system specs that I know (it's an old computer):
    -It's a Dell Dimension 4600
    -OS: Windows Xp of course
    -I think 2GB of RAM

    I'm not sure what else would be useful. If there's something I can find out without having to log on I'll find it and post it here if you let me know. Thanks for any help.
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Frequently, MGTools.exe will run when nothing else will. Did you try running that or combofix? Even try a rename if you need. Rename Combofix.exe to 123.com and MGTools.exe to Kestrel.com and let us know how you get on.
     
  3. ComputerHelp1

    ComputerHelp1 Private E-2

    Update: I was able to get on my computer by reinstalling windows. However I know the problem is not yet completely solved as one of the fake anti-viruses remains. The stoplight one I was talking about seems to be called Security Guard. Right now I'm running Malwarebytes' Anti-Malware to try to get rid of some but I wasn't able to update it before starting the scan. I kept getting an error when I tried to search for updates so I'm hoping that maybe by scanning now I'll be able to update once it cleans some things out?

    I found that all of the browser restrictions on that computer are the same - no Malwarebytes' site; no downloads from there (had to use a USB to transfer); and the windows updates site is inaccessible as well.

    If Malwarebytes' doesn't fix the problem enough to allow me to fix the rest does anyone have an idea of what I should do next?
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes. Try and complete as many of the steps as you can. Tell me exactly which steps failed, run what you can, and attach what logs you are able to attain.
     
  5. ComputerHelp1

    ComputerHelp1 Private E-2

    Okay, I have some good news and bad news. The good news is that my computer seems to be in a good working condition. Right now I'm using it without any websites blocked and not really any interference from malware that I can tell. However, the bad news is that I'm not convinced I really got it all. After what happened yesterday I'm sort of paranoid over this. I've dealt with small problems with adware and not very serious viruses, but yesterday's "attack" was so sudden and malicious that I'm really afraid of it coming back.

    I was able to do a lot of the steps from the floated thread, but not every scan. I did a SAS scan and an updated MBs' Anti-Malware scan. I'll try to upload the logs if I can figure out how to do that.

    Currently I'm updating Windows (XP 32-bit) as much as possible. It's on 80 out of 87 at the moment, and then I'll check to make sure I'm up to service pack 3 (or would the updates include that?).

    The first attached file was the first scan in MBs' Anti-Malware, and the second is from the second (after updating) scan. I can't seem to find a log for SuperAntiSpyware. I hope it didn't get deleted... Where should I look for a log from an earlier scan?

    Is there anything you can see from the other files that I should be concerned about? Do you think there would still be some malware left even after doing a few scans?
     

    Attached Files:

    Last edited: Apr 1, 2010
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Your SAS log should be retrievable here:
    Please do not make any changes to your PC unless I ask you to whilst I am working with you to remove malware! Do not attempt to update to sp3 yet.

    Which scans couldn't you complete? What tools couldn't you run? You must tell me, and describe error messages. I at least need to see logs from running MGTools.exe before we even make a start and ideally a log from running combofix too.

    Just take your time, and we'll get through it. :)
     
  7. ComputerHelp1

    ComputerHelp1 Private E-2

    Okay I have a log from MGTools and didn't try Combofix yet since the guide told me not to do it unless specifically asked by someone. I guess I can try doing it today. I also couldn't find my SAS log under Application Data. There wasn't even a folder for SuperAntiSpyware there. Could it be possibly located somewhere else? I hope the MGTools log will be useful for now.
     

    Attached Files:

  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Well I had asked for it to be run, yes. :)

    Yes, and I will have you run CF very soon but do not run it until I tell you to. I must go to work now, so will review your logs as soon as I get back.
     
  9. ComputerHelp1

    ComputerHelp1 Private E-2

    Okay thank you for your help. I guess it's a good thing then that I didn't finish running Combofix. For some reason it kept warning me that AVG will interfere with the running of it... except I completely uninstalled it already. Do you know why it might still be saying this and if (when you tell me to) I should still continue with the program ignoring that warning?
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Just so you don't have to wait for Kes to get back ....go ahead and run ComboFix and ignore the warning if you have already uninstalled AVG. ( Please go here and download and run the AVG Removal Tool. )

    Attach the log so she will have it when she returns.
     
  11. ComputerHelp1

    ComputerHelp1 Private E-2

    Okay, I ran ComboFix, but something strange happened at the end:
    1. A shortcut for Internet Explorer appeared on my desktop. Is this normal?
    2. A weird "G" for Google appeared on the bottom right near the time as one of those programs. It said it blocked an attempt to change my settings. Then the "G" program disappeared. Was this part of ComboFix or something else?
    3. Also, after scanning, ComboFix said it needed to restart my computer. It warned me not to do it manually, so I let it do it, not wanting to mess anything up. The guide I was following never mentioned rebooting, so was it supposed to do that?

    When it rebooted it started right back up, and I have the log attached. I hope it helps.
     

    Attached Files:

  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Let's do this now as you ran MGTools.exe before running combofix.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  13. ComputerHelp1

    ComputerHelp1 Private E-2

    Sorry for the late reply. I was busy this weekend. I ran MGTools again. Here is the log.
     

    Attached Files:

  14. ComputerHelp1

    ComputerHelp1 Private E-2

    Oops, I think I just redid a normal MGTools scan like the first time. Sorry for misreading your post. I hope I didn't mess anything up... I followed your instructions exactly this time going inside the MGTools folder and then clicking that file. Here's the new attachment (can't find the edit button to put it in my last post).
     

    Attached Files:

  15. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    1. So you uninstalled AVG..? Did you use the avg removal tool which Tim linked you to?
    I am seeing remnants from avast and also what McAfee software do you currently have installed?

    2. I see almost every user of this machine has admin privileges. This is not a wise idea.

    3. Please go to Add/Remove programs and uninstall the following software:

    • Java(TM) 6 Update 7
    4. Are you set up to use this proxy? I suspect not, so if not, please include it in our list of fixables.

    5. Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking Fix exit HJT.

    6. Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    Driver::
    ottnncy
    
    DirLook::
    c:\documents and settings\All Users\Application Data\SGDUAAED
    
    File::
    c:\windows\Srijonafazeqeqa.dat
    c:\windows\Phowadaza.bin
    c:\windows\SYSTEM32\fceebcfeb_z.dll
    c:\windows\SYSTEM32\ppqss.tmp
    c:\windows\SYSTEM32\wycdd.tmp
    C:\Documents and Settings\Mom.D7386W41\Local Settings\Application Data\uMqB8Hu2bCXlI
    C:\WINDOWS\system32\higujata
    
    Folder::
    c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    c:\documents and settings\Mom.D7386W41\Application Data\AVGTOOLBAR
    c:\documents and settings\All Users\Application Data\Viewpoint
    c:\program files\Alwil Software
    C:\Program Files\AskBarDis
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    7. Also delete all files in the below bold folder except ones from the current date (Windows will not let you delete the files from the current day).
    8. Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    9. Let me know how the machine is behaving now.
     
  16. ComputerHelp1

    ComputerHelp1 Private E-2

    1. Yes, I used the tool to remove it, but it seems that ComboFix keeps saying it's still active when it's not... I'm not sure why Avast is still left after I uninstalled it, and I'm not sure on McAfee. It was put in years ago and has never really been used. I'm not sure how to uninstall it either since there's nothing under Add/Remove Programs to remove for it (except the Security Center I think which needs everything else to be removed first).

    2. I'm not sure how almost everyone got Admin privileges; I thought only 1 had it. I'll have to change that if everyone still remembers their passwords...

    3. Okay, I removed it.

    4. Not sure what that is, but I added it to the list.

    5. Done.

    6. Log should be attached.

    7. I tried deleting the two files left in there, but it said they were currently being used, even after exiting all programs. Are they viruses of some kind or is it ok to leave them?

    8. It should be attached too.

    9. The computer has been fine for the past few days. I haven't noticed anything out of the ordinary, but I hope doing what you told me to gets rid of all of the malware for good so I can start over. Thank you so much for the help.
     

    Attached Files:

  17. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Looking much better.

    Just a small tidy up to take place now:

    1. What do you know about the below bold file?

    c:\documents and settings\All Users\Application Data\SGDUAAED\SGSRYAMNBZD.cfg

    With a date of: 2010-04-01 07:45 If you do not know then please delete the whole SGDUAAED folder.

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    SecCenter::
    {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    
    File::
    C:\$AVG8.VAULT$
    C:\Documents and Settings\Mom.D7386W41\Local Settings\temp\~DFE41.tmp
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MCAgentExe"=-
    "MCUpdateExe"=-
    "MSKDetectorExe"=-
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    and ....

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
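Added example (not from the thread, and not ComboFix's own code): a small Python parser for the CFScript layout used in posts 15 and 17 above, with a dry-run that reports which of the listed paths exist and what the Registry:: lines would delete. The sample script is assembled from the sections posted in the thread, embedded so the example runs offline; the section names and the REG-style `"Name"=-` delete syntax are taken as they appear in the posts, and the `exists` callback is injectable so the check can be run against a recorded listing rather than the live host.

```python
"""Parse a ComboFix CFScript and report what it would touch (dry run)."""
import os
import re
from collections import OrderedDict

# Constructed sample: sections taken from the two CFScripts posted in the
# thread, embedded here so the example runs without any of those files.
SAMPLE_CFSCRIPT = r"""KILLALL::

Driver::
ottnncy

DirLook::
c:\documents and settings\All Users\Application Data\SGDUAAED

SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}

File::
C:\$AVG8.VAULT$
C:\Documents and Settings\Mom.D7386W41\Local Settings\temp\~DFE41.tmp

Folder::
c:\program files\Alwil Software

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCAgentExe"=-
"MCUpdateExe"=-
"MSKDetectorExe"=-
"""

# A section header is a bare word followed by '::' on its own line.
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")

def parse_cfscript(text):
    """Return an ordered mapping of section name -> list of non-empty entries.
    KILLALL:: is a flag section and simply ends up with no entries."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def registry_actions(lines):
    """Turn Registry:: lines into (key, value_name, action) tuples.
    '"Name"=-' under a [key] is REG-file syntax for 'delete this value'."""
    actions, key = [], None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and "=" in line:
            name, _, data = line.partition("=")
            actions.append((key, name.strip('"'), "delete" if data == "-" else "set:" + data))
    return actions

def dry_run(sections, exists=os.path.exists):
    """Map each File::/Folder::/DirLook:: target to whether it is present."""
    return {p: exists(p) for s in ("File", "Folder", "DirLook") for p in sections.get(s, [])}

if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_CFSCRIPT)
    for sec, entries in parsed.items():
        print(f"{sec}: {len(entries)} entries")
    for key, name, act in registry_actions(parsed["Registry"]):
        print(f"{act}: {key}\\{name}")
```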
     
  18. ComputerHelp1

    ComputerHelp1 Private E-2

    Thank you so much for your help. I'm glad the malware is finally gone. However, I'm afraid I encountered another problem.

    When trying to update Windows, I came across this error when trying to install Service Pack 2:

    "Files that are required to run Windows properly have been replaced by unrecognizable versions. To maintain system stability, Windows must restore the original versions of these files.

    The network location from which these files should be copied, C:\WINDOWS\ServicePackFiles\i386/rtcres.man, is not available.

    Contact your system administrator or insert Windows XP Service Pack 2 Source Files now."

    My options are: Retry, More Information, and Cancel, all of which do not help. Do you know what might be causing this problem and what to do to get around it? Is it malware related at all?
     
  19. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I'm afraid you will have to ask in the software forum. :)
     
