Usually able to fix virus problem... but finally beaten

[jsmitharine]

I have usually been able to fix a virus problem on my laptop, whether it be by system restore, deleting root virus/spyware files, or complete XP re-install, but for once, I have considered myself beaten. I'm begging for help, I feel like the only thing left is to buy a whole new laptop. I've been looking around, and try to follow the directions for other virus problems people have had, but have always been hindered in one way or another here are my laptop's symptoms. Please help.

Symptoms:

-Desktop wallpaper automatically changed to blue wall with "Warning: Spyware threat has been detected on your PC...Your computer has several fatal errors due to spyware activity...It is strongly recommended to install an antispyware software to close all security vulnerabilities." There is also this link on the wallpaper that basically leads to what I think is just more spyware.

-Constant popups on taskbar that tell me that my computer is running slow due to spyware, which I'm also sure only leads to more trouble

-Task manager is disabled

-REGEDIT is disabled

-I cannot download anything off of the Microsoft website

-Any of the major anti-virus websites are disabled

-My google searches are rigged...clicking on any link leads to ads

-Updating anti-virus software is disabled

I started a re-installation process for XP but when it restarts, I get a black screen with a blinking white underscore and nothing happens anymore.

I have Search & Destroy, Avast, and AVG but it hasn't seemed to do the trick as they are in base form and I cannot update them.

PLEASE. HELP.

 

[hrlow2]

You need to boot into Safe Mode and do your scanning from thereWhatever you do,do NOT click on anything that is suggested by your screen.

 

[gguerra]

What you probably have is rogue malware. By rogue I mean boggus, it''s not a real virus/trojan. Malwarebytes is very good at removing these type of infections. You should run it in safe more.. As far as the desktop wallpaper you can fix that once the malware is gone. Right click on desktop, properties, Desktop, customize desktop, Web, uncheck any entries. This will restore your desktop to your original settings

 

[Bobbye]

You are describing symptoms of several different malware connections:

Please read and follow this. When through, please attach all 3 logs for review:
https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

NOTE: Do NOT use system Restore while cleaning. Malware can get into the restore points and since they are protected files, the programs do no remove them. After cleaning is complete, we will have you remove the old restore points and set a new clean one.

EDIT: Please switch over to the Security Forum for the cleaning and posting of logs.

 

[jsmitharine]

Hey guys, thanks for the help. I managed to stop the automatic desktop change and the immediate pop up ads. But I still can't update my anti-virus software, download anything off of Microsoft, and all major anti-virus sites are blocked so I can't even download SUPERantispyware or Malwarebytes. Any ideas?

Note: I'm about to post the log for HijackThis in the Security Forum under the same title.

 

[gguerra]

Have you tried the download/scan in safe mode? Safe mode w/networking should prevent most/all viruses from running. If the problem persists you can try a winsock fix. However you need to be able to download stuff before you can do anything

 

[jsmitharine]

I had the downloads and scans in safe mode but no luck. Malwarebytes downloaded and installed but crashed and I can no longer start or uninstall it. SUPERantispyware downloads fine, but when I start the installation, it crashes as well.

I was recently able to re-enable task manager and registry editor. Is there a way to look up the processes, locate them, and delete them? Or is that too timely and delicate a process?

 

[gguerra]

While in safe mode open up task manager, click on the processes tab and list the running processes here. There should not be that many processes while in safe mode. Also another thing you have not tried or mentioned is a different browser. Try firefox or something else besides IE

 

[jsmitharine]

Alright so I started the computer in safe mode. Here is the task manager list, in parenthesis are the "users" that weren't by me.

svchost.exe (LOCAL SERVICE)
svchost.exe (NETWORK SERVICE)
taskmgr.exe
svchost.exe (SYSTEM)
svchost.exe (NETWORK SERVICE)
svchost.exe (SYSTEM)
lsass.exe (SYSTEM)
services.exe (SYSTEM)
winlogon.exe (SYSTEM)
csrss.exe (SYSTEM)
explorer.exe
smss.exe (SYSTEM)
System (SYSTEM)
System Idle Process (SYSTEM)

Also, I have only been using firefox. IE windows would pop up with the ads before but I think that Avira cleaned it up.

 

[gguerra]

Everything looks ok on your list. at this point I think your problems may not be due to malware
You may have some corrupted junk files and/or registry entries
try ccleaner and run the regular cleaner as well as the registry scanner
download here http://www.filehippo.com/download_ccleaner/download/e70f585402395f82fa7a1cfd4f959582/
also while your at it try winsock fix which may fix your connectivity issues. it certainly wont hurt anything to run it.
download here http://www.snapfiles.com/php/download.php?id=107303&a=7120710&tag=1445888&loc=2
We'll go from there. after running both of these utils try re/uninstalling malwarebytes and/or SAS

 

[jsmitharine]

Ran both CCleaner and Winsock Fix but no luck with the re/uninstalling of Malwarebytes and SUPERantispyware. When I run Windows in Normal Mode, I look on the task manager and there seems to be a ton of processes running. I've run HijackThis too, would you know which to fix and which not to if I attach a log?

 

[gguerra]

Well the point is that when you run in safe mode it runs clean without any extra drivers, processes, or malware for that matter. When you listed the running processes I did not notice anything out of place. This leads me to believe that your problem may not be malware. I would look at some files being corrupted perhaps as a result of malware. You can post the HJT log but do it in the right section under security. In the mean time just for the hell of it run a chkdsk /r. It will fix any corrupted files (if any). In a command window type CHKDSK /R The system will want to do the chkdsk on the next restart which is fine, re-boot and let it do it's thing. The fact that you cannot install/uninstall certain programs seems very strange. Another option I could mention is scanning the hard drive using a boot CD, I know there is a way. I've never had to do this but you may want to ask in the other section.

 

[gguerra]

I found this site that may help
http://trinityhome.org/Home/index.php?wpid=1&front_id=12