Malware Blocking Malwarebytes

[WillP]

Problem

I'm helping a friend remove malware from his computer that took over the system 2 days ago. The malware appears to have removed the icons and start menu from the desktop and I can only function in the admin. account through the task manager. It is also preventing me from being able to do a system restore, access the control panel, edit the registry (at times, but not always), access the internet (at times, but currently available), enter safe mode (which freezes), and access the task manager on any account other than the admin. account.

Also, I tried to change the group policy to stop the malware from preventing system restore, and cleared the registry of the entry that was blocking restore, and it still won't restore. I also checked the processes running in task manager, and haven't been able to find any processes running that have names other than normal Windows processes. I was suspicious of iexplorer running the other day when the program wasn't open, but I didn't do anything about it then, and it seems to have stopped. Here are the details:

Scan Info:

Yesterday I ran Spyware Dr., which still seems to work. It told me that I have the following on the computer:

Rogue ANtispyware.xpa (1 infection)

Trojan-spy.zbot.YETH (7 infections)

Trojan-spy.zbot.A (8 infections)

Email-worm.zhelatin (3 infections)

Backdoor.Ceckno.BHX (1 infection)

Adware.Agent.20 (3 infections)

Trojan.Virtumonde (10 infections)

Trojan-Downloader.Agent.OGP (3 infections)

Adware.Component.Unrelated (2 infections)

Non-functioning Security Programs

I have downloaded the following antivirus/anti-malware programs that it has prevented from functioning:

Kaspersky

Norton

SUPER Antispyware

Malwarebytes

Hijack This

I have even tried renaming the files and moving them to other locations to fool the program and this has had some limited success, but it doesn't seem to be working anymore. I was only able to get SUPER Antispyware to function this way, but it has stopped working. It did remove several malware files, but there are more that it didn't catch. I haven't tried the rename trick with Hijack this yet.

Functioning Security Programs

The following programs have been able to scan the machine and appear to be functioning:

Avast

Avira

Spyware Doctor

Avast removed only one file when I ran the scan. Avira is still running a scan as I write this. It looks like Spyware Dr. is still functional, but I haven't run a scan with that since I installed Avira and Avast. Malwarebytes is the best at removing these sorts of problems from everything that I've seen so far in forums on the topic, so can someone help me figure out how to install it? Thanks.

-WillP

[prairie dog]

Try the fixes in #5 from this FAQ

If those don't help read and follow these instructions

Scan and post logs - read note at bottom in green

If you're having Malware related issues with your computer that you're unable to resolve.

1. Please read and follow the instructions provided here: I'm infected - What do I do now?

2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs

3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.

* Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.

* Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.

* Using these other tools often makes the cleanup task more difficult and time consuming.

* If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.

* Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.

* There are often many others that require asistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review

* NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.

[mountaintree16]

I'd like to add that you shouldn't have more than one AV installed at a time as this can cause problems.

[WillP]

Thanks for the help so far. I'll try that out.

As for having more than one AV program installed at one time, I know it's a problem, but the malware is blocking access to the control panel and I can't uninstall the ones on there that aren't working! Any suggestions?

[prairie dog]

You'll need to follow the instructions in my previous post, as malware removal is only worked on in the HJT log forum. Thanks!

[AdvancedSetup]

Correct. Please post any logs you can run in a NEW post in the HJT forum. If you can't run anything just tell them that as well in your new post.

[WillP]

Prarie Dog,

thanks for your help. I'm looking for the HJT log, but I have not idea where it is. Can you tell me how to post there?

Sorry, but I just registered with this site a few hours ago and I don't know how to use it.

Also, I will try the FAQ suggestion soon. Thanks.

[AdvancedSetup]

The HJT forum is located here: http://www.malwarebytes.org/forums/index.php?showforum=7