I went to one web site in Internet Explorer and got infected with several viruses including advanced virus remover and Windows antivirus Pro. I deleted many files and registry keys but didn't get everything.

If I try to install hijack this, it doesn't work, just closes. I have to rename the file to something else and then it gets installed. When I run the program and do a scan, it's almost completed and then it just closes. And you can no longer run the program again. The icon is changed to a generic executable file. The same thing happens with spybot, but it closes immediately when you start a scan. I'm doing all of this in safe mode.

Teatimer warned me of registry changes and I denied everything but they still went through. Is there any registry protector strong enough to block these viruses?

I've tried to run many scans with various programs including combofix, avp, housecall. Avira antivir was the only program to complete a full scan. But when I try to fix the infected files the program just shut down and can't be loaded again.

So what can I do to get a scan log with hijack this without it shutting down?

Hello Jello

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, All advice given by anyone volunteering here, is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.


We Need to check for Rootkits with RootRepeal
Please download RootRepeal one of these locations and save it to your desktop
Here (http://ad13.geekstogo.com/RootRepeal.exe)
Here (http://download.bleepingcomputer.com/rootrepeal/RootRepeal.exe)
Here (http://rootrepeal.psikotick.com/RootRepeal.exe)

Open http://billy-oneal.com/forums/rootRepeal/rootRepealDesktopIcon.png on your desktop.
Click the http://billy-oneal.com/forums/rootRepeal/reportTab.png tab.
Click the http://billy-oneal.com/forums/rootRepeal/btnScan.png button.
Check all seven boxes: http://billy-oneal.com/forums/rootRepeal/checkBoxes2.png
Push Ok
Check the box for your main system drive (Usually C:, and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the http://billy-oneal.com/forums/rootRepeal/saveReport.png button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.

Hi Ken,

I can no longer get into Windows. Last time I was in Windows, every time I tried to open a program I got a pop-up message asking me what program I want to use to run the file. I'm running Windows XP Pro. I put the original installation CD in and attempted to do a repair and while Windows was installing, these pop up messages kept coming up. The first one was showing rundll32.exe and asking what program I want to use to open it. After that, I got a lot more with different file names. I had to keep closing the pop ups for the installation to continue.

Since this happened, Windows won't boot up. I can't even get into safe mode or command prompt. I just ordered another hard drive. I was going to try to restore an old backup I have on an external hard drive onto the new hard drive and then transfer files from the infected hard drive. Would I be able to do this without infecting the new hard drive?

If you have any idea how I can get back into Windows, please let me know.

Is there any other way for me to run RootRepeal?

Try this


Press the power button
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Last Known Good
Then press the Enter Key on your Keyboard

I've tried that. It just hangs at a black screen. When I was in Windows, I tried checking system restore through ccleaner and nothing was there. Can spyware actually delete your system restore points?

Jello,

This sounds like a windows issue, post in this forum for help as we just do malware removal on this one. After they get you up and running, post back and we can check your system for malware.

Windows Support (http://forums.whatthetech.com/Microsoft_Windows_f119.html) <-- Our sister site