Inactive Virus -- cannot install Malwarbytes

[camaspaperracer]

Here's the situation:

Contracted a virus on my PC (Windows 7). When I boot up my computer, it gives me a desktop with just the basic stuff (My Computer, Recycle Bin, etc.), no background, and nothing in the start menu.

I tried booting into Safe Mode and installing from a flash drive the free version of Malwarebytes Anti-Malware, but it gives me an extremely generic error: "Access is Denied." It then ends the install.

Since then I have installed and run Spyware Bot Search and Destroy and fixed the errors it has found. Now when I try to boot up the computer (not in safe mode) it just gets stuck at the HP loading screen.

I'm not so concerned about the failure to boot to regular mode. I feel that if I can run Malwarebytes in safe mode (which still works) then I can fix everything. The only problem is that I can't install the program. I think the virus may have messed with some sort of permissions?

Please help me so that I can install Malwarbytes!

 

[Bobbye]

Welcome to TechSpot! I'll help with the problem.

We can get Malwarebyes running, but it's not likely that that program by itself is going to 'fix' everything. Let's try to help the 'symptoms' first:

1.Boot into Safe Mode with Networking

• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, and then press ENTER.

Note: If you can't get the Safe Mode with Networking, just use Safe Mode for the 'cosmetics' below.
========================================
Do a System Restore to the date closest to right before you ran Spybot Search & Destroy. I want to undo whatever 'errors' it removed. We seldom do a SR in malware cleaning, but sometimes it's necessary.
=======================================
2.Begin the following after the restore:

Press Windows+R key> type cmd> OK

If you're desktop is blank and unable to right click on it ,run this command

Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop[/b]

Press Enter

If your task manager is disabled,copy and run this command

Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr

Press Enter
---------------------------
If you still can't see enough to work with, run the following:
Download Unhide.exe and save to the desktop.

• Double-click on Unhide.exe icon to run the program.
• This program will remove the +H, or hidden, attribute from all the files on your hard drives.

====================================
Note: None of the above removes the malware itself- only the attributes causing what appears to be 'missing.' So it is important that you continue with the cleaning.
==============================
Stay in Safe Mode with Networking:
3. To end the processes that belong to the rogue program:
Please click on RKill

• At the download page, click on Download now button for iExplore.exe download link and save to the desktop
• Double click on the iExplore.exe icon
• Please be patient- it may take a bit.
• The black Window will close when through and you can continue.

Note: If you get a message that RKilll is malware, ignore it> it's from the malware.
=======================================
Do not reboot your computer after runningRKilll as the malware programs will start again.
================================
Try to run Malwarebytes now. IF you get the access denied message again, stop here and let me know.
=============================
4. This malware frequently comes with the TDSSrootkit, so do the following:

• Download the file TDSSKiller.zip and save to the desktop.
  (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
• Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
• Double click on TDSSKiller.exe. to run the scan
• When the scan is over, the utility outputs a list of detected objects with description.
  The utility automatically selects an action (Cure or Delete) for malicious objects.
  The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
• Select the action Quarantine to quarantine detected objects.
  The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43 Save log and post in next reply.
• After clicking Next, the utility applies selected actions and outputs the result.
• A reboot is required after disinfection.

====================================
If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again
====================================
5. Update and rescan with Malwarebytes:

• Select Perform Full Scan on the Scanner tab
• Click on the Scan button.
• When scan has finished, you will see this image:
  
  
• Click on OK to close box and continue.
• Click on the Show Results button.
• Click on the Remove Selected button to remove all the listed malware.
• At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.

==============================
6. Correct Display Changes if needed:
If the desktop background is black or if the theme has been removed:
For Windows XP: Click on Start> Control Panel> Display> change theme and/or background if needed.
For Windows Vista or Windows 7: Click on Start> Control Panel> Appearance & Personalization> Select Change Theme or Change Desktop Background
=====================================
7. Some items may not show on the Start menu. To add them back:

• Right click on Start> Properties
• Taskbar and Start Menu Properties screen appears
• choose Start Menu tab> Click on Customize
• For Windows XP> Choose Advanced tab
• Check the items you want back on the Start Menu
• When finished> click on OK> Apply and close.

====================================
You can now reboot back into Normal Mode.
======================================
Please refer to this now and complete what hasn't been done:Follow these steps: Preliminary Virus and Malware Removal.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

If you ran Mbam above, you do not need to repeat it now.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Leave logs for TDSSKiller, Malwarebytes and 2 from the DDS scan in your next reply.
==========================================
My Guidelines: please read and follow:

• Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
• Read my instructions carefully. If you don't understand or have a problem, ask me.
• If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
• Follow the order of the tasks I give you. Order is crucial in cleaning process.
• File sharing programs should be uninstalled or disabled during the cleaning process..
• Observe these:
  [o] Don't use any other cleaning programs or scans while I'm helping you.
  [o] Don't use a Registry cleaner or make any changes in the Registry.
  [o] Don't download and install new programs- except those I give you.
• Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
====================================