AVSystemCare and other infections

[courtney]

Have some major problems. We took our computer to a repair place and when we got it back we have a bunch of problems now. We have AVSystemCare on our computer, can't get into Control Panel (has disappeared). Downloaded Spyware Doctor, slowed and stopped at 27 percent but it caught this before that happened:

Spyware.Known_Bad_Sites

Adware.Agent.BN

Rootkit.Agent.EY

Trojan-Proxy.Wopla

Trojan-Spy.Banker.CMB

Trojan.ISTbar

Can you help me here? Thanks!

[courtney]

Can anyone help me here?

[MysteryFCM]

Sorry no-one has gotten back to you yet.

Please do the following;

1. Download ComboFix;

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Download HiJack This;

http://freeware.it-mate.co.uk/?Cat=Security#135

Once downloaded, run ComboFix and follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.

Once complete, a log will be produced for you. Please post the log, along with a HiJack This log.

[courtney]

Sorry no-one has gotten back to you yet.

Please do the following;

1. Download ComboFix;

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Download HiJack This;

http://freeware.it-mate.co.uk/?Cat=Security#135

Once downloaded, run ComboFix and follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.

Once complete, a log will be produced for you. Please post the log, along with a HiJack This log.

I downloaded both programs. I ran ComboFix and the computer restarted and then I logged into Windows it went to my desktop background and there is nothing there. No programs, folders, no start button. When Combofix was running it said to not mess with the dialog box because it could make this happen but I didn't do that.

[MysteryFCM]

Can you post the Combofix and HiJack This logs please?

[courtney]

Can you post the Combofix and HiJack This logs please?

How would I find the logs? When I start up my computer, it lets me log into Windows and then the only thing that comes up is my background picture. There is nothing else there.

[MysteryFCM]

Hold the CTRL+ALT+DEL keys, then go to File > Run (New ...) and type: explorer.exe

[courtney]

Thanks, I'm at work now and I will do that when I get home. I'll post my logs then. Thanks for all your help!

[MysteryFCM]

No problem

[courtney]

When I did CTRL+ALT+DEL a dialog box pops up which says the administrator has denied access to this program. This is the same message I had gotten before when I tried to go in and uninstall programs through the start menu (since I haven't had control panel in over 2 weeks).

[MysteryFCM]

Okay, let's see if Safe Mode will work.

1. Re-start the computer

2. Continually tap F8 until the boot menu appears

3. Select Safe Mode from the menu

4. Login to Safe Mode (if asked to do so), using the Administrator account (NOT using your regular account)

If you can access Safe Mode, please let me know, if not, we'll go a different route.

[courtney]

I would try this but I had tried the Safe Mode trying to get to Control Panel when it all started and I'm completely blocked out of the administrator account.

[MysteryFCM]

Oks, let's go the long way round.

First we'll try restoring access to the administrator account.

1. Please download the following to your desktop

http://archives.mysteryfcm.co.uk/system/fo...rd/cd070927.zip

2. Extract the .iso file

3. Follow the instructions on the page below, to burn the ISO to CD

http://www.petri.co.il/how_to_write_iso_files_to_cd.htm

4. Once burnt, insert the CD, then re-start the computer

Note: If your computer is NOT set to automatically boot from CD, you'd normally go into the BIOS to change the boot order. However, this is not recommended for those that are not familiar with this, so please skip the rest if the computer does NOT load the CD on boot

5. Once the CD has booted;

• Type Yes when prompted
  
• Next, type: reset Administrator
  
• Next, remove the CD and re-start the computer
  

Assumes Administrator is the name of the main administrator account

6. Once the computer is re-starting, continually tap F8 to access the boot menu

7. Select Safe Mode, and choose the Administrator account when prompted

[JeanInMontana]

Thanks for your help Steven it is much appreciated. Due to no response for six days I will close this to prevent others from posting it.

If you experience problems similar to those described here please start your own topic. All fixes and advice are for the system in this topic not yours. Following advice for someone else's machine can ruin yours.