The malware on my computer is redirecting my browser. My Avast! is deactivated and I can't get it to run, can't get Spybot or any other security software to run. I downloaded HijackThis, but can't get it to run either. I know I have PC AntiSpyware 2010 on my computer, but can't get rid of it since I can't run any security software. Help please!
Boot your machine into safe mode. To reach safe mode you would tap the F8 key during a computer restart. Choose the first option from the list: safe mode.
Once at the safe mode desktop try running your AV and any anti-malware apps you have. See if this helps any.
Until clean I suggest using the machine as little as possible, in fact when not in use you can pull the plug on your modem or router or just shut it down so there is no network connectivity.
Here is what I have done so far:
Booted in safe mode, tried to run Avast! and SpybotSD with same result, error message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item". Renamed Spybot and tried to run it. It comes up, but as soon as I choose to perform a scan, it shuts down and I can't open it again.
I have tried HJT and it will not run in safe mode or in normal mode. I have also renamed it, but still will not work.
I have backed up registry with ERUNT.
I also have a Kaspersky log if that would be helpful. Their online scan is the only thing I have been able to run so far and I have kept the log. Let me know if you need it.
Do you have access to another machine that you could read a guide on?
We will try combofix, there is a guide to read first. Read through the guide then download combofix onto the infected machine. Before you save it to your desktop rename combofix.exe to combofix1.exe then save it to your desktop.
Double click the saved icon on your desktop and follow the prompts.
Another possibility is to rename and save the combofix1.exe to a USB flash drive then transfer it via USB to the infected computer. If you do this leave the USB drive in the infected computer. It's possible for some malware to infect USB drives and spread to a non-infected computer if inserted back into one.
Downloaded ComboFix and renamed it. When I double-click on it, the window "Open File - Security Warning" opens and it says "The publisher could not be verified. Are you sure you want to run this software?". I click run, the window goes away and then nothing happens.
Try booting into safe mode to run combofix. To reach safe mode you would tap the F8 key during a computer restart. Choose the first option: safe mode. Once at the safe mode desktop try running combofix.
Not good. See if you can get RootRepeal on board. And use the machine as little as possible, pull the plug on router/modem when not in use and no bank/financial stuff.
Click the icon on your desktop to start.
Click on the Report tab at the bottom of the window
Next, click on the Scan button
In the Select Scan Window check everything:
Click the OK button
In the next dialog window select all the drives that are listed
Click OK to start the scan
May take some time to complete.
When done click the Save Report button.
Save the report to your desktop
To Exit RootRepeal: click File>Exit
Post the report in your reply
This actually worked. Here is the RootRepeal Report:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/08/25 21:39
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Not much there. I was expecting more. Rerun RootRepeal. This time:
Click the icon on your desktop to start.
Click on the Report tab at the bottom of the window
Next, click on the Scan button
In the Select Scan Window check:
Processes
Click the OK button
In the next dialog window select all the drives that are listed
Click OK to start the scan
When finished, in the main window, right click on "terminate process and delete file" for this single entry: