MBAM won't start, Antivirus System Pro alerts

My son's computer has been getting warning announcements of infection, infiltration, attacks and requests to download "Windows System Pro" antivirus program. Google searches are directed to "www.porno.com".

MBAM won't start. If I reinstall MBAM, the program starts but when I click it to scan, the MBAM window disappears two seconds into the scan. When I restart the program I get a note that I don't have authority to use the program or that Windows doesn't specify the path. The same result occurs when I reinstall and rename the application file. I can open the program and start a scan, but it all stops and disappears in two seconds.

Hijack This won't start. Can't start the Hijack This program even if I rename the application file.

Any help is appreciated.

Rob Harold


Hi,

Please download exeHelper to your desktop.

Double-click on exeHelper.com to run the fix.

A black window should pop up, press any key to close once the fix is completed.

Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link HERE
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


I am completely frustrated.

After coming home from work, I tried to boot up my son's computer in safe mode. It seemed to pause a good deal longer than I recall while on the black screen with "Safe Mode" written in the four corners. Once the screen appeared with the desktop icons, there was no taskbar, and the dedicated Windows keyboard button did not pull up the start menu. Earlier in the day, I had copied exehelper.exe and Combo Fix setup file onto a USB flashdrive. After plugging the USB flashdrive in, I was able to get to the flashdrive file window, but I couldn't send or otherwise move the files from my flashdrive to the desktop (or anywhere on the computer).

I restarted the computer and let it normally start Windows. Again no taskbar at the bottom of the screen. A message screen contained:

C\Program Files\Dell Suppor Center\gs_agent\dsc.exe

Unable to launch application. Please restart your computer and try again. Error code: 2147023174

I could not move the Exehelper.exe file or the ComboFix Setup file to the computer. I put a shortcut on the desktop for each file. Clicked the Exehelper shortcut and a black screen appeared and disappeared in less than a second. Clicked the ComboFix shortcut. It seemed to be installing the program. I then received warning messages about www.bleepingcomputer.com is not responsible for any damage, then a message that the "program file is infected and I should get a fresh copy, infection may be due to a file patching virus like "Virut"." Then ComboFix disappeared. Clicking shortcut again got the message that the shortcut no longer works as target has changed or been moved.

I cannot connect to the internet to get a new copy downloaded directly to the desktop.

I still cannot install MBAM. I got an error message: Run time 372. (Yesterday I was able to install it and begin a scan before it quickly crashed.)

I ran a copy of RootRepel and it loaded and scanned. But I cannot move, print or copy its scan report to include here.

I don't understand how the problem worsened so dramatically. The computer was off since my last attempt.

The computer won't allow me to install any program I might use to fix this problem.

Any advice is appreciated.

Rob


Hi,

We are going to try and get a couple of files to scan.

You need to see if you can get to these files and then get them scanned.

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\userinit.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Can you also please scan these files,

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\svchost.exe


Well, as I mentioned in my previous response, I do not have any internet connection on my son's computer. I can't access the wireless connections. I tried twice and can't get the Belkin utility or XP connection wizard to establish a connection.

I'm ready to toss this computer.

Rob


So at the moment, we cannot get tools to run, cannot get access to the internet, and have the worst virus imaginable on this computer.

I hate to be the bearer of bad news......

You are infected with a polymorphic file infector. This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.

  • Backup all your documents and important items only.
  • DO NOT backup any executable files (.exe .scr .html or .htm)
  • DO NOT back up compressed files (zip/cab/rar) that may contain .exe or .scr files
  • Reformat and Reinstall as outlined HERE

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

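The backup rules in the post above (documents only, no .exe/.scr/.htm/.html files, no archives that may hold executables), as an added example that is not part of the thread: a Python filter that copies only files passing those rules and reports why each other file was skipped. The function names and the "MZ" header check are assumptions made for this example, not something the post specifies.

```python
import os
import shutil
import zipfile

# File types the post says not to back up (list taken from the post).
INFECTABLE = {".exe", ".scr", ".htm", ".html"}
ARCHIVES = {".zip", ".cab", ".rar"}

def classify(path):
    """Return (keep, reason) for one file under the post's backup rules."""
    ext = os.path.splitext(path)[1].lower()
    if ext in INFECTABLE:
        return False, "infectable type " + ext
    if ext in ARCHIVES:
        # Only zip can be listed with the standard library; cab/rar are
        # skipped outright because they "may contain" executables.
        if ext != ".zip" or not zipfile.is_zipfile(path):
            return False, "archive that cannot be inspected"
        with zipfile.ZipFile(path) as zf:
            for name in zf.namelist():
                inner = os.path.splitext(name)[1].lower()
                if inner in INFECTABLE or inner in ARCHIVES:
                    return False, "archive contains " + name
        return True, "archive with documents only"
    # Assumption beyond the post: a renamed program still starts with "MZ".
    with open(path, "rb") as fh:
        if fh.read(2) == b"MZ":
            return False, "executable header under a document extension"
    return True, "document"

def backup_documents(src, dst):
    """Copy files that pass classify() from src to dst; return (copied, skipped)."""
    copied, skipped = [], []
    for root, _dirs, files in os.walk(src):
        for fname in files:
            full = os.path.join(root, fname)
            rel = os.path.relpath(full, src)
            keep, reason = classify(full)
            if keep:
                target = os.path.join(dst, rel)
                os.makedirs(os.path.dirname(target), exist_ok=True)
                shutil.copy2(full, target)
                copied.append(rel)
            else:
                skipped.append((rel, reason))
    return sorted(copied), sorted(skipped)
```

The filter decides by file type only; it does not tell whether a copied document is itself clean.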

Thinking that it must be unlikely to have the worst virus imaginable, I went back to see what I could do. But things got worse. Safe mode presented a blank screen. And nothing would work on the normal mode. I couldn't move any file for back up in preparation for a reinstallation. Fortunately Dell has a ghost file of the computer when it was first bought. So the reinstallation, if that's what it is called, was very quick. Of course all my son's files are gone. And I need to reinstall the wireless and other programs. I will instruct my son on safe computing.

Chamber, thank you for your time and knowledge. Your last advice sent me in the right direction on reinstalling. I didn't know about the ghost file, and your link led to my discovery of it.

Rob
