Malware problem, I need help

Discussion in 'Malware Help (A Specialist Will Reply)' started by belladonna, May 26, 2010.

  1. belladonna

    belladonna Private E-2

    I've tried everything I can. I've got a grocery list of error messages, and a mglogs.zip file can't be created.

    I cannot install anything I've downloaded, nor can I uninstall anything already downloaded.

    Here is a list of error messages when I try to do any of the steps in the removal process:

    Windows Installer:
    The windows installer service could not be accessed. this can occur if the windows installer isn't correctly installed. contact your support personnel for assistance.

    C:\users\belladonna\desktop\ccsetup232_slim.exe
    windows cannot access the specified device, path, or file. you may not have the appropriate permissions to access the item.

    C:\windows\system32\msconfig.exe
    windows cannot access the specified device, path, or file. you may not have the appropriate permissions to access the item.

    Installed Updates:
    you do not have sufficient access to uninstall windows live essentials. Please contact your system administrator.

    I can't access the UAC; nothing happens when I click.

    I'm just at a complete loss.
    Any help at all is appreciated.
    My system is Vista Home 64-bit.
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Try doing this:
    Kaspersky Rescue Disk.

    If that works, then go back and do all the Read and Run First instructions.
     
  3. belladonna

    belladonna Private E-2

    I can't run it. My zip program doesn't work, and I can't install a new one.
    Plus that looks like it was designed for a Linux OS and I'm on Windows Vista. Or does that matter?
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You will need to download it to another computer and then create the disc. It is a boot time scan and will update when you run it as long as you have internet connectivity.
     
  5. belladonna

    belladonna Private E-2

    That still does not work. It still shows up as zipped on my computer and if I try to extract it, it tells me I do not have permission to do so.
    Though it does not show up zipped on my husband's laptop, which is how I got the other disk.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It should not be a zipped file. It should create a bootable cd. Are you sure you have created the disc properly?

    Try doing this one:
    BitDefender Rescue Disk-with-auto-update.

    If you still cannot run a cd at boot up, we will try a few other things.
     
  7. belladonna

    belladonna Private E-2

    I realize it's NOT supposed to be zipped, but it's showing that way. If I have to install anything this is a futile attempt, as I can't do so.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You shouldn't have to install anything. Once you create the rescue CD, then put it in the CD drive on the infected computer and boot to it. You may need to go into the BIOS and set the boot order to CD first.

    What exactly are you doing to create the rescue cd?
     
  9. belladonna

    belladonna Private E-2

    It's still showing up as a zipped file, while I know it's not supposed to be. I'm pretty much resigned to the fact that I'm gonna have to wipe my computer clean. Unless there's another way to get around this infuriating situation?
     
  10. belladonna

    belladonna Private E-2

    I'm downloading the file from the website. It's showing up as a zipped file from the instant of download. I'm not making it zip. Now when I do this from my husband's laptop, all the files show correctly, as an image simulation or whatever else it's supposed to be. I've essentially been locked out of all my admin functions, and I can't install or uninstall anything.
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Try doing the below in safe mode:

    Download and save the below to your PC (save it anywhere you can find it. The Desktop is fine). Then double click on it to run it.

    AVPFind.bat

    It should take a couple of minutes to run. You will see a black command prompt window while it is running and it should close when it is finished. Once it finishes, attach the avplog.txt file that will hopefully be created on your Desktop as long as the malware does not block the batch file from running. (See: HOW TO: Attach Items To Your Post)

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click and choose Run as Administrator


    You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    1. Rkill.exe
    2. Rkill.com
    3. Rkill.scr
    4. Rkill.pif


    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run then try to immediately run the following.

    Now download and Run exeHelper from Raktor

    • Please download exeHelper to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file named log.txt will be created in the directory where you ran exeHelper.com
    • Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    If you already have them installed, be sure to update Malwarebytes and SUPERAntiSpyware before the scan!

    Now run this: Using Malwarebytes Anti-Malware

    Now run this: SUPERAntiSpyware - running & getting a log

    Now run this: Using MGtools


    Now you need to attach the below logs created while running the above scans

    • exeHelper log
    • Malwarebytes Anti-Malware log
    • MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I will give you one more thing to try to fix your file associations.

    Now copy just the bold text below to Notepad (do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Additionally, you could try fixing the file associations from this LINK.
     
  13. belladonna

    belladonna Private E-2

    I cannot do any other suggestions you've listed. I CAN'T ACCESS Admin. I'm locked out. I keep being told, even when trying to run as Admin, I do not have permission to do so.
     


  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Is this a laptop or desktop? And your other computer? Can you boot to the Kaspersky Rescue disc on the other computer?
     
  15. belladonna

    belladonna Private E-2

    This computer is a Desktop.
    Other computer is a Laptop.

    The Kaspersky Rescue disk was working just fine on the laptop, showing the files the way they were supposed to. I didn't have him run it on the laptop other than to try and "unzip" the file that I thought was zipped. Nothing showed up zipped on the LAPTOP. The DESKTOP is having the issues.
    The LAPTOP runs WINDOWS 7.

    I CAN download. I CAN'T RUN, Install, or UNinstall any software.
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Are you by chance booting to your windows OS and then trying to run the Rescue cd? Or are you booting straight to the cd?
     
  17. belladonna

    belladonna Private E-2

    I've tried both ways actually and nothing happens. I went into the boot startup order, told the computer to boot from the disk and nothing happened, it just proceeded like I didn't have anything in the drive, to load Windows. If I attempt that from running the OS I just get a ton of "you don't have the proper permissions.." etc.

    Thanks for trying. When speaking about this to another person, they agree that the only way to get rid of this is to wipe the hard drive and start over. If by any means you can think of a way around this, it'd be awesome. But as I see it right now, I don't.
     
  18. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Using a different computer to create this disc:

    You are going to have to create a CD that you can boot from. There are some special CDs that are frequently used some of which also have scan capabilities. I suggest that you work on making the below OTLPE CD and let us know when you have it built and when you have actually been able to boot from it.



    Creating OTL-PE Environment

    1. Please print out these instructions for reference.
    2. Be aware that the OTLPE.iso file is a large download.

    Step 1


    • Download ISOBurner; this will allow you to burn REATOGO-X-PE ISO to a CD and make it bootable.
    • Double-click IsoBurner-Setup.exe to install the program.

    Step 2


    • Download >OTLPE.iso< and save it to your Desktop.
    • NOTE: This file is 292Mb in size so it may take some time to download.
    • Once downloaded, double-click the OTLPE.iso file and ISOBurner will open.
    • Burn the .iso file to a CD. Additional instructions on doing this can be found in the below link:


    Step 3


    • Insert the CD into the drive of the problem computer and reboot.
      • Note: If you do not know how to set your computer to boot from CD follow the steps >here<

    • The computer should now display a REATOGO-X-PE desktop (be patient - this takes a long time to load)
    • Double-click on the OTLPE icon.
    • When asked "Do you wish to load the remote registry", select Yes
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.

    Step 4


    • In OTL, please change the following settings:
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved at C:\OTL.txt
    • Copy this file to a USB memory stick if you do not have a working internet connection on this computer at this time. If you do have a working connection, then just come here and attach it. The OTL PE environment gives you the ability to connect and surf.

    Once we have this log we will know that you have been successful at making the CD and that you are able to boot from it. Then we should be able to explain how to copy the file we want to replace.
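
One way to confirm, before burning, that the file downloaded in Step 2 is an ISO 9660 image carrying an El Torito boot record rather than a ZIP archive. This is an added example, not part of the original post or of any tool named in it; `inspect_image` and `build_sample` are names made up for illustration, and the sample images are constructed in memory.

```python
import io
import struct

SECTOR = 2048                      # ISO 9660 logical sector size
EL_TORITO_ID = b"EL TORITO SPECIFICATION"

def inspect_image(stream):
    """Classify a disc image from its on-disk signatures, ignoring its file name."""
    result = {"container": "unknown", "bootable": False, "boot_catalog_lba": None}
    stream.seek(0)
    if stream.read(4) == b"PK\x03\x04":          # ZIP local file header
        result["container"] = "zip"
        return result
    # Volume descriptors occupy one sector each, starting at sector 16.
    for sector in range(16, 32):
        stream.seek(sector * SECTOR)
        vd = stream.read(SECTOR)
        if len(vd) < SECTOR or vd[1:6] != b"CD001":
            break
        if vd[0] == 1:                           # primary volume descriptor
            result["container"] = "iso9660"
        elif vd[0] == 0 and vd[7:39].rstrip(b"\x00") == EL_TORITO_ID:
            result["bootable"] = True            # El Torito boot record
            result["boot_catalog_lba"] = struct.unpack_from("<I", vd, 71)[0]
        elif vd[0] == 255:                       # descriptor set terminator
            break
    return result

def _descriptor(vd_type, body=b""):
    return (bytes([vd_type]) + b"CD001\x01" + body).ljust(SECTOR, b"\x00")

def build_sample(bootable):
    """Constructed in-memory image: 16 empty sectors plus volume descriptors."""
    img = bytes(16 * SECTOR) + _descriptor(1)
    if bootable:
        body = EL_TORITO_ID.ljust(32, b"\x00") + bytes(32) + struct.pack("<I", 20)
        img += _descriptor(0, body)
    return io.BytesIO(img + _descriptor(255))

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                        # path to a downloaded image
        with open(sys.argv[1], "rb") as fh:
            print(inspect_image(fh))
    else:
        print(inspect_image(build_sample(True)))
        print(inspect_image(build_sample(False)))
```

Run it with the path to the downloaded file on the computer used to create the disc; a `container` of `zip` or `unknown`, or `bootable` of `False`, means the file is not a bootable ISO 9660 image as downloaded.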
     
  19. belladonna

    belladonna Private E-2

    Nope. That doesn't work either. Tried 2x and with the same result. It would do the REATOGO-X-PE screen, then when Windows would try to boot, I'd get the "blue screen of death" aka..you've got a virus.
     
  20. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What is the exact error message you are getting in the BSOD?
     
  21. belladonna

    belladonna Private E-2

    BSOD Error message:

    A problem has been detected and windows has been shut down to prevent damage to your computer.
    If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again follow these steps.

    Check for viruses on your computer, Remove any newly installed hard drives or hard drive controllers. Check the hard drive to make sure it's properly configured and terminated.
    Run CHKDSK/F to check for Hard drive corruption and then restart computer.

    Technical
    ***STOP: 0x0000007B ( 0XF78DA528, 0XC0000034, 0X00000000, 0X00000000)***


    I can't uninstall or install anything, I do not have anti-virus software. I have not run CHKDSK/F but with my luck it will tell me I do not have permission to do this task.
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Based on what you are saying here, you are not getting the PC to boot from the CD, which is what is needed. If you boot to normal Windows and try to run the CD, it would do us no good at all. If you cannot get any of the CDs to boot then you should try doing what TimW suggested earlier..... and that was to take the hard disk out of this PC and add it as a slave drive into another properly protected desktop type PC (perhaps a friend's) and run scans on it. DO NOT RUN ANY PROGRAM files that are on this hard disk. Just run scans on it to see if any traces of the infection can be found and removed.

    If you cannot do the above, then it is likely time to stop stalling and perform a reinstall.
     
  23. belladonna

    belladonna Private E-2

    Thanks for your time.
    No, the computer will not boot from the CD. I've tried 3x and all 3 failed. Went to the boot menu, changed to CD boot and all 3 times it crashed. Anyway.
    Thanks for trying. It's really appreciated.
     
  24. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I have one last suggestion before you reformat and reinstall. Try making this USB boot disc:

    BitDefender Rescue USB.
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes I just created a USB procedure for OTLPE here today: OTLPE - Installed to a USB drive

    But you still need to make sure that you are booting from this device and not the hard disk or it will still be of no use.
     
