Support Forums

Full Version: Some annoying virus. Help?
OK, was on RapidShare, all of a sudden infected.

Wallpaper was changed and locked [Fixed]
Task Manager Locked [Fixed]
Folders Hidden + Folder Options Locked [Fixed]
Registry Locked [Fixed]
And a host of others.

Now I need to fix:

Fake antivirus messages in taskbar [Was gone, but returned]
Fake messages (File Cannot Be Executed, (any app I open).exe is infected.)
[The messages also stop any application, bar my Mozilla and the already open NOD32, from running]

------------

Before it got to this point I was able to open apps. I ran MBAM, completed, 11 infections. Ran NOD32 scan, completed (got nothing).
Security Task Manager to remove Internet Explorer add-ons

etc..

Now I am unable to run anything, so I can do no such things.

Any help to resolve this problem is greatly appreciated.

P.S.

I will not reformat
I cannot do system restore graphically, possibly on XP disk boot?
I cannot open safe mode.

I DO Have a second Windows 7 Partition.
Bump

[Too short]
Bump

[Too Short]
Hello;

Post an HJT log and perhaps a user on this forum will know how to read them.

-LS
Find out the infected file if you can. Use multiple antivirus scans. Only keep one active obviously.
Uninstall any questionable programs. Remove all restore points.
Check your startups. Stop anything questionable.
If this does not stop it then try below.

Get a live Linux disk. This is a live disk, so no install is needed. Once you're running live, identify the file and delete it from within Linux.

Beyond that it's hard to know what's up without more info.
Sounds like the fake antivirus one though.
Find out what is popping up, for instance:

If it says so-and-so file is infected with "Bla", then google "bla", or if the program is named "Ha", then google removal of "Ha".

99% of the time it is going to be either something obvious in Program Files, like spyware remover or virus tool, or a bunch of numbers. Also possibly in Program Data (depending on operating system, either in c: as a hidden file or in your user profile).
(01-08-2010, 10:08 PM) Whinis wrote:
Find out what is popping up, for instance:

If it says so-and-so file is infected with "Bla", then google "bla", or if the program is named "Ha", then google removal of "Ha".

99% of the time it is going to be either something obvious in Program Files, like spyware remover or virus tool, or a bunch of numbers. Also possibly in Program Data (depending on operating system, either in c: as a hidden file or in your user profile).

Could be named anything. I used to name my trojans mcafeee.exe and you would be amazed how many times it worked.
Use BartPE's boot disc builder to make an XP boot disc, then obviously boot from it, and it will let you use everything you need to remove the virus (i.e. regedit). (If you have a SATA hard drive you will also need to add the Intel SATA driver to the boot disc.)

If you don't know how to load the registry hive for the XP install, google "BartPE's editing registry offline".
Please do what Scorch said to do and download HijackThis, http://download.cnet.com/Trend-Micro-Hij...27353.html
After that post your log in here http://www.supportforums.net/forumdisplay.php?fid=48.
HijackThis may not work if the virus is claiming all exes are viruses and stopping them from running. The setup would never be able to run.
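
For reading the HijackThis log requested in this thread, here is an added example (not from any poster and not part of HijackThis) that triages the registry autostart (`O4`) lines using the hints given above: numeric file names, programs running from data directories, and near misses of trusted names such as `mcafeee.exe`. The sample log is constructed, and `KNOWN_NAMES`, `DATA_DIRS` and the 0.85 similarity threshold are assumptions to adjust.

```python
import re
from difflib import SequenceMatcher

# Constructed sample in HijackThis O4 (autostart) line format; not a real log.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide
O4 - HKLM\..\Run: [McAfee Update] C:\WINDOWS\system32\mcafeee.exe
O4 - HKCU\..\Run: [48213377] C:\Documents and Settings\All Users\Application Data\48213377\48213377.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

# Assumed reference names and data directories; extend for the machine at hand.
KNOWN_NAMES = ["mcafee.exe", "egui.exe", "ctfmon.exe", "explorer.exe", "svchost.exe"]
DATA_DIRS = ["\\application data\\", "\\programdata\\", "\\temp\\"]

O4_LINE = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[[^\]]*\] (?P<cmd>.+)$")
EXE_PATH = re.compile(r'"?([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)


def triage(log_text, threshold=0.85):
    """Return {exe path: [reasons]} for O4 entries that deserve a closer look."""
    findings = {}
    for line in log_text.splitlines():
        entry = O4_LINE.match(line.strip())
        exe = EXE_PATH.search(entry.group("cmd")) if entry else None
        if not exe:
            continue
        path = exe.group(1).lower()
        base = path.rsplit("\\", 1)[-1]
        reasons = []
        if base[:-4].isdigit():                      # "a bunch of numbers"
            reasons.append("numeric-name")
        if any(d in path for d in DATA_DIRS):        # runs from a data directory
            reasons.append("runs-from-data-dir")
        for known in KNOWN_NAMES:                    # near miss of a trusted name
            if base != known and SequenceMatcher(None, base, known).ratio() >= threshold:
                reasons.append("lookalike-of-" + known)
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", ", ".join(reasons))
```

It only parses the `O4 - HK..\..\Run`-style lines, so startup-folder entries and other log sections still need a manual read, and it can be run from a live Linux disk against a log saved earlier.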