Major Malware attack; blocking attempts to fix

I got hit with some kind of nasty malware/virus yesterday on my Dell desktop. I tried to get around it with a system restore to no avail. I then downloaded the newest versions of TDSKiller, Fixit, etc. as I've been down this road before on here.

While this virus has url redirection attributes, it is also doing other things like stopping the cleanup software from running, not allowing updated definitions, etc. Not even letting me doing anything in safe mode.

Could you please let me know how I should proceed from here.

Thanks!
Drew

 

Windows XP. I was frustrated earlier I can't believe I forgot to included that.

Thanks!

 

Yes I can.

 

I could always access the desktop. It's just that when I try to run any of the anti-malware software it will not run. Also firefox will not open; the error comes up saying it's already open, which it is not. (doesn't show in task manager processes)

 

I ran SUPERAnti-Spyware and Malwarebytes Anti-Malware. In both instances it would not allow me to get the most up to date definitions.

I was able to download newer copies of TDSKiller, Fixit, Goored (there was another I can't recall- not in front of the home computer right now), but when I ran them they just hung or immediately closed.

One more thing I forgot to mention..the infection got activated when a fake "you have malware" screen came up and my wife hit the button to clean it out. Whenever that fake screen has happened to me in the past I quickly closed it, ran anti-spy and anti-mal and it was cleaned up. Not so lucky this time.

 

Tim,

Got it to run. Thanks!

 

OK, will do as soon as I get home. Should I run in safe mode?

 

Tim, I ran Avenger, but had to run it in safe mode. (output is attached).

I finally found the fake anti-virus software that keeps invoking in normal boot (and once in safe mode when I hovered over it.) It is called System Progressive Protection. That is what is preventing me from executing programs in the normal windows boot.

Still can't run some of the other programs in safe mode either.

Goored crashes every time

TDSKiller and FixTDSS don't do anything after you confirm that you want to run them. They just disappear.(Not listed in task manager)

I was able to flush the Java, IE, and DNS caches and that's it. Firefox won't open.

Onward and upward.

Thanks,
Drew

 

Last night I ran comboxfix and discovered I have a RootKit ZeroAccess infection, but combofix got stuck after telling me that. It ran 8 hours and was still just sitting when I went to bed.

 

Malwarebytes Anti-Rootkit shows 2 problems found, but then the software hangs/not responding. I attached a screenshot.

 

Tried it and couldn't get it to boot with their instructions. Ran Rkill which killed 3 processes, but couldn't find malware and was ineffective. So frustrated.

 

I failed to mention that with the Kapersky rescue cd...when I rebooted, windows started normally and ignored the cd. No menu came up as the instructions (#4) mentioned.

 

Good news at last Tim! I re-burned the disk and this time the system recognized the Rescue CD. After I rebooted I reran the Malware Bytes Anti-Rootkit and cleaned out more malware. Also got TDSKiller to run, caught another 7 medium risk issues.

Couple of things still going on. Microsoft Security Essentials won't re-start, Super Anti-Spyware can't get updates, and the same for Malware Anti-Malware.

 

Uninstalled software and re-installed and then it worked. You can close the thread. Thanks again Tim!:cool

 

why do you think there is a faked MBR partition?

I am running MGTools and after a while it has gotten hung on; these are the last 2 statements on the screen


MiscInfo.Bat - 10/20/2012 version 0.10
User Account List Seen From WMI

 

tried again this morning to no avail...this time I remembered to attach the zip file.

 

Ohhh...so what should I do now? :confused

 

Not seeing any. Only things that have occurred that seem out of the ordinary are 1) on start up there's a pop up window asking if I want to run malwarebytes (I hit cancel) and 2) MGTools got stuck when I tried to run it.

Otherwise things seem fine. Needless to say I won't be doing any online banking for a while to be sure. And already changed my password for it on a different computer.

 

All right, all set. Thanks again Tim, I really appreciate the help!

 

Apparently there is worse issue. Got the BSoD (see attached). I googled the message IRQL_NOT_LESS_OR_EQUAL and found that most answers were that a driver(s) were out of date and/or corrupted. (needless to say I am backing stuff up)

I ran MajorPro's driver check and it found 18 outdated drivers. I replaced 2 (that's the limit per day unless you buy it), but I'm wondering if the rootkit problem damaged the hard drive. What do you think?

 

Will do. Thanks!