Is it Malware, a Trojan or just an error?



stacaman
2009-09-11, 13:33
Hello all,

I'm a long-term user of Spybot SD and many other security programs. However, on my latest computer I declined to install any of these or a proper firewall; my one redeeming feature was my use of AVG AV. I had believed that, due to my non-usage of P2P etc. on this machine, the risks were minimal.

Unfortunately, my confidence was to be unfounded. Having helped a friend with the security centre malware, I myself have become the victim somehow.

I think I've picked up a trojan or some form of malware. I've left the computer running and not restarted it as from past experience it seems to merely make the problem worse if it is a trojan/malware. I'm unable to open explorer, run task manager or run any other .exe's. AVG isn't working, and I'm unable to download anything as anything I've d/ld has disappeared from the folder instantaneously. I've d/ld MBAM onto a stick from my other system, but it cannot be run - regardless of the .exe, I always get the same message -

"Illegal operation attempted on a registry key which has been marked for deletion."

I've read some bits and pieces on this forum, and tried d/lding silent runners onto the stick and running it - it does run, but then is unable to work out which OS I'm using as the WMI is corrupted.

Sorry to add yet more malware problems to everyone's plates, but if someone could help, I'd be much appreciative. I'd also pledge not to be so boneheaded and overconfident in future and take more precautions like I used to.:sad:

ken545
2009-09-15, 00:51
Hello stacaman

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, all advice given by anyone volunteering here is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.


Please download exeHelper (http://www.raktor.net/exeHelper/exeHelper.com) to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).




Please download RootRepeal from one of these locations and save it to your desktop
Here (http://ad13.geekstogo.com/RootRepeal.exe)
Here (http://download.bleepingcomputer.com/rootrepeal/RootRepeal.exe)
Here (http://rootrepeal.psikotick.com/RootRepeal.exe)

Open RootRepeal (http://billy-oneal.com/forums/rootRepeal/rootRepealDesktopIcon.png) on your desktop.
Click the Report (http://billy-oneal.com/forums/rootRepeal/reportTab.png) tab.
Click the Scan (http://billy-oneal.com/forums/rootRepeal/btnScan.png) button.
Check just these boxes:
http://forums.whatthetech.com/uploads/monthly_08_2009/post-75503-1250480183.gif
Push Ok
Check the box for your main system drive (usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the Save Report (http://billy-oneal.com/forums/rootRepeal/saveReport.png) button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.

ken545
2009-09-24, 03:11
Due to inactivity, this thread will now be closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.