TechSpot

"PC Performance & Stability Analysis " XP

Inactive
By everythingsm
Nov 22, 2011
  1. I was infected with "PC Performance & Stability Analysis "

    Desktop cleaned, and I can't get to my Virus Softwares. McAfee detected and cleaned Trojans before infection.

    I have MalwaryB, SuperSpyware, Adware. I've tried in Safe Mode but can't get to any programs or Malware to start cleaning.

    For whoever helps: I CANNOT get on the Internet, please keep that in mind and let me know if I need to get a disc burned (site and specific link) or if you can help me get on the Internet to download programs.

    Please help.

    Scott
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Scott, if you cannot access the internet with the infected machine, you will need to use a flash drive to download the scans, then attach it to the problem machine and run the scan on it.

    If you have no internet connection anywhere or on any other computer, I won't be able to help you. I'm hoping the failed connection is only on this system.

    Please understand that with this rogue program, you are going to see messages and alerts about 'critical system problem', 'failing hard drive', 'severely infected,' etc. These are not real problems. They are a product of the malware, so that you will click on their program to "fix" these fake problems.

    I'm not clear on this sequence of events though: somehow you were told you had this malware> how? You cleaned the desktop> what do you mean? McAfee found and removed Trojans previous to this infection, but you can't get to your "Virus Softwares"> explain this please.

    You have Malwarebytes on the system now, along with SAS, but they won't run a scan? What happens when you try? Error message? What?

    How does the fact that you cannot access the internet now relate to malware? What happens when you try?

    What are the symptoms you are actually having now, other than failure of the above?

    I will be glad to try and guide you, but you will need to be more specific. I need to know what happens in order to try and have you do something that might help.
    ==========================================
    This is what we ask you to follow to begin: Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    =====================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================.
     
  3. everythingsm

    everythingsm TS Rookie Topic Starter Posts: 16

    I'm not clear on this sequence of events though: somehow you were told you had this malware> how?
    This software started running on my system: "PC Performance & Stability Analysis "

    You cleaned the desktop> what do you mean? McAfee found and removed Trojans previous to this infection, but you can't get to your "Virus Softwares"> explain this please.
    McAfee started popping up saying it was blocking Trojans. Then all of a sudden my desktop disappeared (said cleaned) and lost all XP function, except I had Adware & Superspyware on my tool bar (still showing), so I ran both softwares and SS showed 2ea DisableTaskbar (which I deleted) when the program stopped. I rebooted, then have the original Malware problem. I can get to any of my programs, files, or folders.

    You have Malwarebytes on the system now, along with SAS, but they won't run a scan?
    They will run a scan as explained above but will not clean the original Malware.

    What happens when you try? Error message? What?
    I haven't tried to run again since the SS found the 2ea DisabledTaskbar files. Adware found nothing. My computer will not allow me to get to Malwarebytes etc.

    How does the fact that you cannot access the internet now relate to malware? What happens when you try?
    Explorer says connection problem and nothing happens.

    What are the symptoms you are actually having now-other than failure of the above.
    Can't see any files, programs, folders, no internet, desktop gone.

    I will be glad to try and guide you, but you will need to be more specific. I need to know what happens in order to try and have you do something that might help.
    ==========================================
    Edit: quoted instruction post has been deleted by Bobbye
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Now you are giving me something to work with!

    For the missing icons, programs, files, etc:
    Download Unhide.exe and save to the desktop.
    • Double-click on Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    Note: this does not remove the malware itself and may not restore everything yet.
    ========================================
    Please do the following to help you run other programs:

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, using your up/down arrows to reach it and then press ENTER.

    This infection may change your Windows settings to use a proxy server that will not allow you to browse any pages on the Internet with Internet Explorer or update security software. We will first need to fix this:
    • Launch Internet Explorer
    • Access Internet Options through Tools> Connections tab
    • Click on the Lan Settings at the bottom
    • Proxy Server section> uncheck the box labeled 'Use a proxy server for your LAN'.
    • Then click on OK> and OK again to close Internet Options.
    ===============================
    This malware frequently comes with the TDSS rootkit, so do the following:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43. Save and post the log.
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
    ====================================
    If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again.
    ====================================
    To end processes that belong to the malware, please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 3 different versions. If one of them won't run then download and try to run the other one. (Vista and Win7 users need to right click Rkill and choose Run as Administrator)

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
    Do not reboot until instructed, as it will start the malware again.
    ==================================
    You will run another scan with Mbam, after it updates, but this time, on the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.

    When scan has finished, you will see this image:
    [IMG]
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
    ========================================
    TDSSKiller
    RKill
    New Malwarebytes
    ======================================
    Next time you ask for help for malware, give the information you gave in answer to my questions. As far as running Mbam but having the malware 'come back' after you rebooted> it didn't> it was still on the system.

    The scans above should help. They may not remove all the malware, but cleaning is an orderly process and must be done correctly. If you have a problem with any of the scans, please let me know what it is.

    You do not need to quote my instructions.
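
The proxy check in the post above can also be read from the registry: the 'Use a proxy server for your LAN' box corresponds to the `ProxyEnable` value under the user's Internet Settings key. This is an added example, not part of the thread or of any tool named in it; the `reg query` output is constructed, the function names are hypothetical, and treating a loopback proxy as the strongest warning sign is an assumption of this sketch.

```python
import re

# Constructed sample of the output of:
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
# The values are made up for illustration, not taken from the thread.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:5555
    ProxyOverride    REG_SZ    <local>
"""

# Value lines are indented: name, type, data (separated by spaces or tabs).
VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")

def parse_reg_query(text):
    """Return {value name: data} for every value line in reg query output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if not m:
            continue  # key path lines and blank lines
        name, kind, data = m.groups()
        if kind == "REG_DWORD" and data.lower().startswith("0x"):
            data = int(data, 16)
        values[name] = data
    return values

def check_proxy(values):
    """Summarise the IE proxy state that the manual steps above reset."""
    enabled = values.get("ProxyEnable", 0) == 1
    server = values.get("ProxyServer", "")
    # ProxyServer is either "host:port" or "http=host:port;https=host:port"
    hosts = [e.split("=")[-1].rsplit(":", 1)[0] for e in server.split(";") if e]
    loopback = any(h in ("localhost", "::1") or h.startswith("127.") for h in hosts)
    return {"enabled": enabled, "server": server,
            # Assumption: an enabled proxy pointing at this machine is suspect
            "suspicious": enabled and loopback}

if __name__ == "__main__":
    print(check_proxy(parse_reg_query(SAMPLE)))
```

A result with `enabled` true on a machine that never used a proxy is the condition the LAN Settings steps clear; the `server` value is worth recording before it is reset.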
     

