Mouse and Keyboard Freezes with Virus

Please do not start additional threads for the same problem. Your other thread has been closed. You will not get an answer any sooner by doing that. Oldest threads are answered first. See the sticky threads that explain our procedures.



I want to see if perhaps you can get anywhere by using Safe Mode with Command Prompt. But before trying to reboot in this mode, you first need to use another PC to download the below two files:

1. Malwarebytes Anti-Malware
2. MGtools.exe

Copying the above two files to the problem PC.

• Now copy the above two files to either a CD or flash drive.
• Put this CD or flash drive into the problem PC and see if you can use Task Manager to copy the files to the root folder of the Windows boot drive which is normally drive C. If you don't have any idea how to do this from Task Manager, try the below methods (I'll give to methods in case the 1st does not work)
  • Method 1 to Copy Files
    1. Click File, New Task (Run...) and then click the Browse button.
    2. Use the Browse windows to navigate to the CD or flash drive.
    3. Select the MGtools.exe file by clicking on it once so that it is highlighted.
    4. Then press CTRL-C to copy the file.
    5. Then navigate back to the C drive by clicking the My Computer icon in the Browse window. Select the C drive by double clicking on it.
    6. Then press CTRL-P to copy the file to the C drive root folder.
    7. Repeat the for the mbam-setup.exe file.
  • Method 2 to Copy Files
    1. Click File, New Task (Run...) and enter cmd and click OK.
    2. If the above works a command prompt window will open
    3. In the command prompt window type cd C:\ and hit the enter key. This should change the prompt in the window to C:\>
    4. Now you need to know the drive letter of the CD drive or the flash drive that you will be copying from to do the below command. I'm going to assume the drive letter is E and put that in my example command. So enter the below commands followed by the enter key:
       • copy E:\MGtools.exe
       • copy E:\mbam-setup.exe
    5. If the above copy commands work, you should get a response of 1 file copied for each command.
• Now reboot the PC by selecting the Shutdown tab in Task Manager and then select Restart to restart the PC.
• and press the F8 key to get to the boot menu.
• In the boot menu, select Safe Mode with Command Prompt
• When the PC boots up, you should eventually get a command prompt Windows to open (assuming everything works OK).
• In the command prompt window, enter the below commands (the commands are in black bold print. Other text are just comments or explanations).
• • cd C:\
  • mbam-setup.exe
    • this will attempt to install Malwarebytes. At the end of the installation procedure, just uncheck the option to update Malwarebytes but leave the option to Launch the program checked. This should automatically run the program.
    • If it installs and runs, select Perform quickscan
    • when it finishes running, make sure your fix everything it finds and then save a log.
    • Now continue on with the next commands below
  • mgtools.exe
    • wait for MGtools to finish running. When it finishes, the C:\MGlogs.zip file will exist. Now continue on to the next steps below
  • Now hit CTRL-ALT-DEL to bring up Task Manager and select the Shutdown tab and then select Restart to restart the PC. See if it will boot in normal mode now.
• If you can log in now and get to a normal Desktop, attach the C:\MGlogs.zip file and the log from Malwarebytes.
• The attempt to run SUPERAntiSpyware and ComboFix per the instructions in the READ & RUN ME FIRST. Malware Removal Guide and also attach these two logs.

 

Since you are basically showing us that nothing can run, there is not much we can do to help you since we need logs to get insight into your PC to know what is happening. Your options are limited.

You can try restoring to an older restore point using the Recovery Console as documented in the below link from Microsoft but you MUST have your Windows Boot CD to do this:

http://support.microsoft.com/default.aspx?scid=kb;en-us;307545&sd=tech


Other possible options are the below which you will need another PC for:

• Take the hard disk out and scan it in another well protected PC
• Use another PC to make a special CD which you can boot from to try and run virus and spyware scans or to at least backup data. CDs like the below:
  • http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html
  • UBCD4Win << still requires a Win Boot CD to make this CD
  • http://www.sysresccd.org/Main_Page
  • http://trinityhome.org/Home/index.php?wpid=1&front_id=12
• reinstall

 

Okay while those are incomplete logs, it was enough for me to figure out what type of infection you have. It has many names but one is Windows Police Pro or WPP.


Let's see if we can get some info so that we can determine which system file has been corrupted. That way we can try to replace it.

Download and save the below to your PC (save it anywhere you can find it. The Desktop is fine). Then doube click on it to run it.

AVPFind.bat

It should take a couple minutes to run. You will see a black command prompt window while it is running and it should close when it is finished. Once it finishes, attach the c:\avplog.txt file that is will hopefully create as long as the malware does not block the batch file from running.



Now download and Run exeHelper

• Please download exeHelper to your desktop.
• Double-click on exeHelper.com to run the fix.
• A black window should pop up, press any key to close once the fix is completed.
• Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


Also please try running the below online scan:

http://www.superantispyware.com/onlinescan.html

Reboot immediately after scanning if it finds and removes anything. Let me know if anything was found. See if you can save a log with it.


Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


Attach the below logs when finished with all of the above:

• C:\avplog.txt - from AVPfind
• a log from online SAS scan if you could make one
• log.txt - from exeHelper
• C:\MGlogs.zip - from MGtools

The C:\ assumes that drive C is you Windows boot drive. If you boot from another drive, then use the correct drive letter above.