Jump to content

Antivirus 2009 Help Needed - Desperate


JEM216

Recommended Posts

My computer has been infected with the AV2009 trojan. When I tried installing CA suites, it wouldn't complete the installation and automatically rebooted my computer. When the computer restarted, I got the screen that tells you the bios version and the windows xp screen. Then nothing but a black screen with a cursor.

I tried starting it in safe mode and on Tuesday I was able to get to the command prompt but didn't really know what I should do from there. I tried getting the command prompt last night and it wouldn't come up, regardless of what mode I started it in. After hitting enter for Safe Mode with Command Prompt or any other one, I get a screen that has all kinds of files on it. I can't remember exactly what it says but it has words and then either a zero or one in parathesis and then partition (1)/System32/Drivers/name of file (Something like this) After about a 1/2 hour it will go to the safe mode screen but again only a black screen with a cursor and safe mode written in the corners.

I downloaded malwarebytes but cannot run it because I cannot get to my desktop or the command prompt. I'm doing this from work because I cannot access email or anything on my home computer. I'm going to search for a bootable malwarebyte file to try to reboot from the CD but I'm not sure if I'll find one. I read some posts on your site and I guess I should download Avira onto a bootable CD and try that. (I hope that it is not just another trojan).

I don't know what else to do short of formatting my hard drive which I don't want to do because I have a lot of programs on there and data files. Problem is I haven't backed up in awhile. (Live and learn)

Is there any help? I will check my emails from work as I cannot access anything on my computer.

Thanks for any help.

Link to post
Share on other sites

At this point, unless you can get booted into Windows, the Avira Bootable CD is your best bet. Instructions on getting it and using it can be found here: http://www.malwarebytes.org/forums/index.p...amp;#entry36254 However, if you are able to get booted into normal mode and access your computer, then please read and follow AdvancedSetup's instructions here: http://www.malwarebytes.org/forums/index.p...amp;#entry35969

Then download and install Malwarebytes' Anti-Malware from here: http://majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install it, update it and then run a quick scan and remove whatever it finds. Reboot if necessary.

After you've removed enough of the infection to get Windows running and have run Malwarebytes', please read the instructions here:

http://www.malwarebytes.org/forums/index.php?showtopic=2936

and post your logs in a new topic here:

http://www.malwarebytes.org/forums/index.php?showforum=7

Please be sure not to install any software or use any removal/scanning tools exept those that you are

instructed to by the expert who will be assisting you as doing so can make their job much more difficult.

Link to post
Share on other sites

This infection can block even malwarebytes from running, if that happens you may need to check the programs name, if you need more help check out

Edit: Your signature spams your pay for help service enough. Please do not post the url in messages.

Link to post
Share on other sites

This infection can block even malwarebytes from running, if that happens you may need to check the programs name, if you need more help check out

Antivirus2009 isn't the program responsible for blocking our application from running. Rootkit.Agent variants often installed by the same drive by installer usually are.

Link to post
Share on other sites

I burned the Avira onto another cd but I got the same response. It will not boot from the CD. I tried putting in the Windows Rebootable CD that I got with the computer and the computer will boot from that. I get a blue screen that has R for restart, D for diagnosis and one other letter that I can't remember. But at least I know it's bootable still. The tech at work said that maybe the file wasn't completely uncompressed but I didn't think it needed to be. Maybe I need to download a different format to get it to boot. I am so relying on this software to fix my computer because I desperately need it for work. Thanks for all your help.

Link to post
Share on other sites

It looks like Avira doesn't like you (just kidding). Once you download the .exe of the Avira rescue system, run it and it will ask for a writable cd, instead of burning it there and then, just click exit after running it. It will offer to let you save it as an iso to burn with another application, save it to your desktop as Avira and use Nero (or whatever burning application is the default on the PC you're using) to burn it to disc. If it is Nero, then you should simply need to double click the .iso file and Nero should open and allow you to burn it to disc and it will automatically be made bootable. If you have any more questions or trouble please let me know.

Link to post
Share on other sites

Exile 360, it looks like you're right. Avira doesn't like me. I finally got a tech at work to download and burn the CD for me. I was able to boot from it and scan the computer, but it came back that it detected 333 warnings but did not find any infected files. It didn't give me many options. I could either start or stop scan at the bottom of the page and on the left it said Virus Scan, Information, Configuration and Miscellaneous. (If my memory serves me)

When I exited from it, I got the same black page with the cursor. Maybe I have to do something on the bios screen. I hit delete when rebooting to take me to the bios screen but I'm not sure if all those configurations are right. Maybe that's why I can't get anything but a black screen. Even if I reboot in safe mode, safe mode with command prompt, any of them, I still get a black screen with a cursor on it.

Please tell me there's help for my computer. I'm going through withdrawal and I have to bother a friend to use hers so that I can check any posts or emails from this forum.

I hope to hear from you soon. I will try to check tomorrow morning again. Thank You.

Link to post
Share on other sites

I'm sorry to hear the Avira disc didn't do anything to help, I was really hoping it would. Considering how things are going it isn't looking too good. I have one last thing for you to try. Please download the Diagnostic and Recovery Toolset 30 day trial from here: http://www.microsoft.com/downloads/details...;displaylang=en Install it on a working computer running Windows XP (won't work on Vista) and follow the steps to create the ISO and burn it to a disc as you did with Avira. Boot from it with your infected PC and when it asks what installation to attach to, select your Windows XP (you'll see what I mean when you run it). Now, please use the File Explorer tool and browse to C:\Windows\System32\Drivers and look for any files that start with the letters TDS and delete them. Once you've done this, reboot and remove the disc from your drive and see if Windows will boot normally now, if not, then please boot from the disc again and try using the System Restore tool to roll back to before the infection occured, then follow the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs in a new topic here: http://www.malwarebytes.org/forums/index.php?showforum=7 so one of the malware removal experts can make sure your system is clean and that there's no nasty leftovers. Please get back to me with any questions and let me know how it goes. I've got my fingers and toes crossed for you. :) Good luck!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.