Same Virus Issue

Discussion in 'Malware Help (A Specialist Will Reply)' started by rangeno, Nov 15, 2006.

  1. rangeno

    rangeno Private First Class

    2 weeks ago I ran all of the procedures for getting rid of malware/spyware/viruses. My system was running great. I have not used my computer in a week and when I tried to logon today I was only able to boot my system in safe mode. When I ran getrunkey.bat and shownew.bat my system was clean (nothing in the reports). What should I do now?
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good question .....it just won't start in normal mode? If not, you might try a repair install.
     
  3. rangeno

    rangeno Private First Class

    FYI...A month ago this same thing happened. Our IT person tried to fix but ended up creating another user account so now I have 3 user accounts (D, D1, and admin). Things were good for a while and then I started to have some performance problems and my system started to crash. I did what is recommended on this site, running all the scans and stuff. I didn't save any of the files because there were no problems and my computer was running great. I didn't use my computer for some time and when I did yesterday I could only boot in safe mode and some of my apps weren't there (I downloaded them after I did the scans). Anyway, I'm re-running all the scans and saving files to send to you. Should I be doing this on each user account? I still can't boot up in normal mode to run Hijackthis, getrunkey, and newfiles. What should I do now?
     
  4. matt.chugg

    matt.chugg MajorGeek

    Shownew and Runkeys are not virus scanners. They are just scripts to show us what files have changed or been created recently. What do you mean by they are clean? They should always contain some information; if they don't, then you have either not extracted the zip files properly or you have some problems with your PATH var or some system files.

    Most of the actual scans should be run from safe mode but we'd prefer the HJT log from normal mode.

    If after running the first steps you can't get into normal mode then there isn't a lot of choice but to run them from safe mode. Once you have run these scans post the logs and explain any problems you had with any of the steps.

    If you have problems with several user accounts we prefer to clean the accounts one at a time. You should start with the administrator account as this will be easiest to work with as it will have the correct permissions and cleaning this may fix a lot of problems with the other accounts if there are any.

    I am moving this thread to the Malware Removal forum now, if the problem turns out not to be malware related I will move it back here for you.
     
  5. rangeno

    rangeno Private First Class

    Ok. I'm still running BitDefender on the latest user account created, D1. When I finish with that and Panda I will go through the same with the admin and the original user account. When I run the shownew, runkey, and hijackthis, what account should I do it from? Also, should I delete the original account at some point?
     
  6. matt.chugg

    matt.chugg MajorGeek

    Run them all from the administrator account.

    We will decide what to do with the account later when we have cleaned up the malware if there is any present.
     
  7. rangeno

    rangeno Private First Class

    I just ran a BitDefender Scan from the link on the READ & RUN ME FIRST document and it didn't find anything. I don't see a detected problems tab. It just says send report or don't send. I clicked on view report and it says # of files scanned and nothing detected. Should I be doing something else?
     
  8. rangeno

    rangeno Private First Class

    Ran READ ME & RUN ME FIRST still having problems

    I completed all the steps except # 8 in your READ ME & RUN ME FIRST paper. I still can't boot my computer in normal mode. All of these log files were run in protected mode per a suggestion from matt.chugg on a previous thread. Here are the log files. By the way, I saved the READ ME & RUN ME FIRST document on my system. When I call it up in all the user accounts except the admin it comes up fine. When in admin I get a message about disabling macros.
     


  9. rangeno

    rangeno Private First Class

    ran READ ME & RUN ME FIRST part 2

    Here are the rest of the log files.
     


  10. rangeno

    rangeno Private First Class

    After running the scans yesterday my computer doesn't even boot in safe mode today. I have a presentation on Monday and I really don't want to buy a new computer.
     
  11. matt.chugg

    matt.chugg MajorGeek

    You don't need to buy a new computer, at the worst you will just have to reload the OS.

    Your logs seem to be clean. I suggest you head back to the software forum and start a new thread there explaining the situation; someone there will be able to help you fix this or at worst walk you through the steps to reload your operating system.
     
