How can I get rid of that virus?!

By DrAcoolA
Apr 17, 2007
  1. Newbie here...

    Hi there, I found this site right after I realized that something(s) (plural even!) was wrong about my pc and while I was looking for a solution online.

    Firstly, I can't bring up my task manager; not with ctrl+alt+del, not with ctrl+alt+esc and not with anything else! It still doesn't show up in safe mode!
    When I try to bring it up I end up with a message saying that it was blocked by the administrator. But what the hell?!? I AM the admin!

    Secondly, I also cannot get to System Restore. I tried dozens of ways, both in safe and normal mode, but no solution! It says "It's been blocked due to the group principles"

    Not only that, but also I can not see the hidden files anyhow! The folder options in the tools menu of the folders has vanished! Also I can't access it from the control panel!

    I have Norton's Antivirus software and AVG antivirus installed. But because I don't have any internet at home due to some technical problems, I couldn't upgrade the def.s of norton but Avg is up to date.

    Finally, when I scanned with avg it detected something like "worm vb.asd" and "isass.exe". There are some more files like "new folder.exe" but it seems to me that the first two are important.

    The bad thing that prevents me from reformatting my pc is that I have a program for law that I have to rebuy to install again (and it's really expensive!!). So if there is a way to clean it as if nothing has happened, I don't care how complicated it is but I'll take that chance!

    Thanks in advance, regards...
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Follow as many of the instructions below as you can.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of DrAcoolA only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. DrAcoolA

    DrAcoolA TS Rookie Topic Starter

    Thanks for your advice, but there are now some things that I want to add...

    Firstly I have never had internet at home, I got that virus or whatever it is via my ipod.

    Secondly, today after posting the message I opened a new administrator account, and now I have regedit and taskmgr in the new account and can use all the programs without any problems. But the thing is, the "show hidden files/folders" option and the "windows system restore" tool are still inaccessible as before.

    Thought it might help. I'd be happy if you could reconsider my problem in accordance with the new info.

    Thanks again and have a nice day!
    (but still I'll post the hjt report asap.)
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, you'll need to download the various programmes and tools and burn them to a cd, then install them on the infected machine and run them in accordance with the instructions.

    Obviously, you won't be able to update some of them because you don't have the net for that system. AVG Antispyware has a manual update (see instructions) file that can be downloaded and burned to cd, then transferred to the infected machine and executed.

    Post as many of the logfiles as you can.

    Regards Howard :)

  5. DrAcoolA

    DrAcoolA TS Rookie Topic Starter

    I don't know why, but I couldn't load the definitions of avg antispyware. I still ran the program and it found nothing unusual, so I didn't feel like it was needed... But I did the hjt scan and here is the log file.

    Again wanna tell you that I can access regedit and taskbar with the new admin account that I opened after the incident. I also fixed system restore by putting an original, working copy of rstrui.exe from another unaffected computer but it can not do changes still! And also I cannot see the "show hidden files" option anywhere.

    And one more thing...

    As I cannot turn the show hidden files and folders option on, will the software that you recommend still work 100% normally? If yes, then what's the catch in showing the hidden files?
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to them (if there).

    F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\lsass.exe

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).


    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log and see if you can post the rest of the requested logfiles.

    Regards Howard :)

Topic Status:
Not open for further replies.
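
An added example, not part of the original thread and not HijackThis's own logic: a small Python check for the kind of entries listed in the last reply. It flags a UserInit value that launches anything besides userinit.exe, a core Windows binary name located outside system32, and a BHO whose file is missing. The SYSTEM32_ONLY list and the function names are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample: the three entries quoted in the last reply plus one clean line.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\lsass.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
"""

# Core Windows binaries that only belong in %SystemRoot%\system32 (assumed short list).
SYSTEM32_ONLY = {"lsass.exe", "userinit.exe", "winlogon.exe", "services.exe", "csrss.exe"}
USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)


def check_userinit(value):
    """Return findings for one Winlogon UserInit value (comma-separated programs)."""
    findings = []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            continue  # the stock value ends with a trailing comma
        directory, name = ntpath.split(entry.lower())
        if name != "userinit.exe":
            findings.append(f"extra logon program: {entry}")
        if name in SYSTEM32_ONLY and directory and not directory.endswith(r"\system32"):
            findings.append(f"system binary name outside system32: {entry}")
    return findings


def scan_log(text):
    """Map each flagged log line to its list of findings."""
    report = {}
    for line in (l.strip() for l in text.splitlines()):
        m = USERINIT_RE.match(line)
        if m:
            findings = check_userinit(m.group(1))
        elif line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            findings = ["BHO registered but its file is missing"]
        else:
            findings = []
        if findings:
            report[line] = findings
    return report


if __name__ == "__main__":
    for line, findings in scan_log(SAMPLE_LOG).items():
        print(line, "->", "; ".join(findings))
```
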
