PLEASE HELP....BIG VIRUS

by CHNAEYES69 / June 8, 2010 6:42 AM PDT

IF THERE IS ANYONE THAT HELP WITH THIS ISSUE PLEASE LET ME KNOW IT IS GREATLY APPRECIATED....MY LAPTOP IS ACTING CRAZY...I CAN ONLY GET ONLINE THRU SAFE MODE...CAN'T DOWNLOAD ANYTHING AT ALL...WHEN I GO TO MY SECURITY SETTINGS AND CHANGE ANY OF THEM THEY DON'T CHANGE EVERYTHING IS BLOCKED FROM MY LAPTOP...ACTIVE X ANY DOWNLOAD ANYTHING...I KNOW I HAVE A VIRUS BUT IT IS LETTING ME SURF AND VIEW SITES BUT IT WON'T LET ME VIEW THINGS THAT ARE RUN BY ACTIVE X OR ANYTHING LIKE ANY ANTIVIRUS PROGRAMS....SO IF ANYONE KNOWS HOW I MAY BE ABLE TO FIX THIS BECAUSE I AM STRAPPED FOR CASH I WOULD GREATLY APPRECIATED

Collapse -
Please Try This
by Grif Thomas Forum moderator / June 8, 2010 7:27 AM PDT

It may take a little work but try this:

First, you'll want to have a Windows CD for use on a "repair" installation later, maybe. If the cleanup tools work correctly, things may resolve themselves easily. If not, you may need the Windows CD to run a repair installation.

Next, on separate clean computer, download the free Avira Rescue Disc program and create a bootable rescue disc using the instructions below. Once that's done, boot the computer using the Rescue disc and make sure to select the option to "Rename files" per the instructions, then run the scan using the disc.. You don't need to login to your computer as the rescue disc will run "outside" of Windows.

Avira AntiVir Rescue System

After the disc is created, follow these instructions to run it:

Tutorial for Avira Rescue CD

Next, follow the instructions below which you already have some of the tools for. The rescue disc should have eliminated enough of theproblem to allow "rkill" to run and allow you to install malwarebytes, etc.. In some case, after the installation of Malwarebytes, the actual "mbam.exe' file will be removed by the malware.. You can easily replace it by copying the file from a separate computer where Malwarebytes is installed, renaming it, then placing in the correctly folder listed below.:

Download ALL of the tools below on a friend or family member's, CLEAN computer and copy them to a CD or flash drive, then transfer them to the problem machine.

First, please download and run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
There are 4 different versions. If one of them won't run then try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

Rkill.exe http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill.com http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill.pif http://download.bleepingcomputer.com/grinler/rkill.pif
_____________________

IMMEDIATELY after running the "Rkill" tool above, run/install the Malwarebytes and SuperAntispyware installer and update files from the links below which you've also copied to a CD or flash drive, and transfered to the problem machine. Do NOT restart the computer after running Rkill.

Once downloaded and before transferring Malwarebytes and SuperAntispyware to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.

Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe

Malwarebytes Manual Updater link
http://www.malwarebytes.org/mbam/database/mbam-rules.exe

Next, install and run a full system scan with the SuperAntispyware program and the manual updater from the links below. As before, you may need to rename the installer file to get the program to install.:

SuperAntispyware
http://www.superantispyware.com/

SuperAntispyware Manual Updater
http://www.superantispyware.com/definitions.html
____________

In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file also after installing it.. It resides in the C:\Programs Files\Malwarebytes Antimalware folder....
_____________________


Hope this helps.

Grif

Collapse -
Please help
by CHNAEYES69 / June 8, 2010 8:01 AM PDT
In reply to: Please Try This

Thanks Grif but the issue I have is this is the only pc I have access to unfortunately. If you have any other suggestions on how to handle this it is appreciated but if not I think I am going to have to scratch up some funds to take it to a professional tech and pay...boo hoo hoo

Collapse -
You Have No Friends Or Family Members There?
by Grif Thomas Forum moderator / June 9, 2010 8:30 AM PDT
In reply to: Please help

The downloads are fairly simple and even the next door neighbor's computer will work as the primary download device, IF you can get their permission..

It comes down to this.. If the computer won't allow you to do anything because it doesn't function correctly, then you need an outside source for the fix.. That can either be a friend or family member's machine OR.. you get to to pay for it.. In my opinion, at the cost of computer repair, it might be worth purchasing an inexpensive second computer for use in emergencies..

Hope this helps.

Grif

Collapse -
A Local Library?
by Carol~ Moderator / June 9, 2010 9:53 AM PDT
In reply to: Please help

All the libraries in my area, make computers available (free) to the public. You might want to consider calling your local library and asking them, if they have some sort of a computer lab. If so, ask if they would allow you to download software. Some do. Some don't.

OR.. you might want to ask a neighbor, if they want to "make a quick 20 bucks". It will cost a whole lot more than that, if you take it to a shop.

Best of luck..
Carol

Collapse -
Don't Panic...
by applegenius83 / June 11, 2010 3:33 PM PDT

This happens alot with PC's. What I would suggest you do (this has worked with me in the past) is Boot into safe mode, go to your start menu and click run. When it pops up, type in MSCONFIG. You should see a window pop up. At the top of the window you should see tabs, one of them will say something like Startup or Bootup or something related to Selective Startup.
When you get there, you will be able to chose which processes execute when your computer boots. There should be an option to deselect all, or use only critical system processes... anyways, deselect as many as you can if you can't deselect all. After that, your computer should be fine even out of safe mode, since the Virus won't run on startup.
DON'T CONNECT TO THE INTERNET!! Not until you have the Virus out. Get ahold of some Anti Virus Software (Maybe download on a Library computer to a flash disc and then take it home and install it on your computer) and remove ALL of the Viruses. Usually when you have something this big, it's probably multiple viruses or worms, maybe setting up back doors to send out your data across the internet. SO STAY OFF UNTIL YOU GET IT FIXED OR IT COULD GET WORSE! Hope this works,
-Jason

Collapse -
Boot .ini on msconfig
by skizz / June 12, 2010 9:35 AM PDT
In reply to: Don't Panic...

thats where you tick the safeboot button and restart in safe mode. Had to do that to my landlords pc to get avsoft and it's friends off my friends pc.

