viraladmin

Okay so its been over 7 hours I have been waiting for a reply. Have I posted this to the wrong forum? (I really hope not I'd hate to find I have wasted all this time posting to the wrong forum).

I am frustrated to no end. I have been working on this problem sense 11 pm last night. Its now 3pm... 16 hours of straight trying to fix this. No one has a suggestion? I am at a loss here.

So I have solved about 80% of the problem. Malwarebytes removed 6 threats. I rebooted, the registry seemed fixed. I tried to open malwarebytes from my user account (as opposed to safemode/admin). No such luck I tried to install AVG again, it started to work, then failed saying it couldn't connect to the internet. I did a hjt scan and found some nameservers on the list that don't belong there, removed them. Rebooted into safemode again. Malwarebytes started perfectly from safemode. Tried starting the AVG installer, it seemed to work but was taking up way more CPU resources then it should. So I checked the taskman. Taskman reported a file called stub.exe I killed the process, avg died with it. I ran malwarebytes yet again. This time it found 1 problem (which it found the first time and I removed might I add) c:\windows\system32\ernel32.dll So now I have a file that malwarebytes detects and removes, but keeps coming back and I have no idea if its related to the stub.exe file I really have no idea what to do

I may have spoke to soon with my last message. I actually cannot access anything within HLM/Software Following the thread http://www.pchelpforum.com/fixed-hijackthi...code-5-a-3.html I was able to force ownership back to the administrator for the malwarebytes keys and get the software installed and updated. It is currently running. However unlike the owner of the above thread, mine was NOT caused by removal of a user. I have not made any changes to the users on this system, nor have I edited any of the registries prior to today. I am most assured this was caused by some sort of rootkit/malware/virus. The problem I am now faced with is even when I do find the virus (or whatever caused this), I now have a registry completely filled with keys that have no assigned users/permissions. When I try to "replace permissions on all child objects" I get an error "could not set security on the key currently selected, or some of its subkeys". This is probably a bit beyond the scope of these forums but any chance anyone has heard of such a virus (what have you) or a fix to this? Thanks P.S I am currently running malewarebytes and it has found 4 objects infected so far.

I have read hundreds of forums and forum posts (including these forums) but can't seem to find anything that comes even remotely close to fixing the problem. It started off with the fact I couldn't update my antivirus (AVG). So I figured I'd try a fresh install... big mistake. After uninstalling, there was no reinstalling. The installer will not run at all. So I figured I'd do my usual mal/spyware scans. Spybot S&D will not update Malwarebytes will not update Superantispyware is using 100% CPU and doesn't stop (I waited over 2 hours just to be sure) SO I started surfing forums. The first thing I read is to uninstall Malwarebytes, run the "clean" uninstall tool, reboot, redownload malwarebytes. I tried the recommendation: Uninstalled malwarebytes downloaded the clean removal tool tried to run it, SHGetValue failed with code 0 searched forums and found that error basically means "all removed" downloaded the newest version run the new version: regcreatekeyex failed; code5 I have checked the permissions of my registries and I'm no expert but it appears as if the registry key HLM/Software/Malwarebytes' Anti-Malware is the only affected key. I can't manually assign permissions as I get a permission denied when I try. The same if I try to rename the key, delete the key, or anything else. I have no idea what to do next. I can't reinstall XP as I have no installer CD. I also have no flash drives or floppy drives. I am running an AMD based computer. I have no idea what to do next. I have also tried using hjt but see nothing out of the ordinary in the scan results. Please help asap.