Malware help

[Bloodloss]

Hi, i've used your program recently to remove a spyware problem from one of my machines and yes, while it has cleaned the system, i can no longer use the system at all.

Basically, when I start up my system now, I get "error loading (path here) shell.exe". Also, starting regedit and msconfig I receive the message "error loading (path here) batsbilkbqd.sys"

Any clues as to what is going on there?

Regards

Blood.

[JeanInMontana]

Hi Bloodloss and welcome to Malwarebytes. Have you tried doing a system restore? Or repair install? I can't find the one file you mention in any searches are you sure it's spelled correctly? When you say you can't use the system at all, will it boot?

[Bloodloss]

Hi Bloodloss and welcome to Malwarebytes. Have you tried doing a system restore? Or repair install? I can't find the one file you mention in any searches are you sure it's spelled correctly? When you say you can't use the system at all, will it boot?

Hi there and thanks for the welcome. It's much appreciated!!

Yes, the files I mentioned are spelt correctly! I've not been able to find references to it either.... Perhaps I could send a copy of the report I get from my second system that I'm working on?

The files I mentioned seem to have been added by the offending program and are used to execute further instructions (reproduction of the offender perhaps?) on detecting msconfig or killing a process with the task manager.

I'm not 100 percent sure. But I would like to open these programs without the error reference popping up and refering to files no longer there!

Any clues?

Many regards

The system does boot yes, but trying to run programs like msconfig/taskmanager/regedit all point to this file that no longer exists... to me, that's unusable... (sorry about the lack of clarity there....)

Blood.

[JeanInMontana]

OK since you can boot. We can do some analysis.

Please set your system to show

all files; Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

If you haven't already, please get these programs, update and run a complete scan removing all items found.

Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this.

Please run a full scan of your main drive, usually C with MBAM making sure you check all items found for removal. Please post that log in your next reply.

Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum.

Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This!

You will post three logs. 1. MBAM scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth.

I will analyze the logs and give you further instructions. Be sure to set your email to allow mail from Malwarebytes.org and your personal settings to send an email on reply to your topic. This will let you know when there has been an update to your topic and you can come and see what has been said.

Be patient and persistent. These things can take time and many procedures.

[JeanInMontana]

Due to lack of response this thread will be closed.