Infection. Trouble following clean-up steps

Status
Not open for further replies.
I have Vista and have just had the misfortune of being infected by Trojans.

I am trying to do a clean as described, by following the recommended 8 steps.

My immediate problem is that after installing HJT and Malwarebytes' Anti-Malware I cannot open either of them (although they both did open briefly and then closed down shortly after running them for the first time).

Now when I try to open them I get a message as follows:

Windows cannot open the specified device path or file. You may not have the appropriate permission to access the item.


Any help appreciated. Mick
 
What antivirus program were you running originally? Right-click on the program icon you are trying to open and choose "Run as Administrator". Tell us what happens.
 
I've seen some recent infections that cause Malwarebytes, Spybot S&D, and the rest to close down immediately after running them.

It turned out to be an infection in the registry at:
My Computer\HKEY_CLASSES_ROOT\exefile\shell\open\command
The right side showed: (default) REG_SZ desot.exe, "%1" %*
It should only show: (default) REG_SZ "%1" %*
desot.exe and skynet.sys were the infections.
(It was on an XP operating system, but may have similar effects in Vista.)


For Vista, you have a few options:
1. You can run a System Restore (not reformatting - just go back to an earlier date prior to getting the virus - don't go back too far or you'll have to install everything since that date back on your computer). I think the program is called RSTRUI.EXE in the system32 folder. Or you can get to it from the Start Menu in System Tools.

2. You can try to boot to a Boot Options screen to get to a command prompt. If you know the date that you got the infection, you can search the Windows, Windows\system, Windows\system32, and Windows\system32\drivers folders and rename all files with the date you got infected or newer. (This can be dangerous to your operating system if you rename a needed file), so I don't recommend doing this unless you know what you're doing.
(Look for files with skynet or skynet.sys in the name.)

3. In Safe Mode, document the background running programs listed in Task Manager and report them here - list services & running programs.

If you can't run Task Manager, report that too; there are ways around that.

Hope that helps.
Zyldar
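A defender-side check for the registry hijack Zyldar describes, added here as an example; it is not code from this thread or from any of the tools mentioned in it. It parses a .reg export (such as the text Regedit writes when you export HKEY_CLASSES_ROOT\exefile) and compares the exefile open command with the clean value quoted above; the sample export is constructed for the example, and the parser handles only the string values this check needs.

```python
import re

# Constructed sample of a .reg export showing the hijacked handler from the
# post above (desot.exe is the name given there; the export text is made up).
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="desot.exe, \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\\system32\\NOTEPAD.EXE %1"
'''

EXEFILE_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
EXPECTED_DEFAULT = '"%1" %*'   # the clean value quoted in the post


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for the string values in a
    .reg export. Only @="data" and "name"="data" lines are handled."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            name = "(default)" if name == "@" else name.strip('"')
            if len(data) >= 2 and data[0] == data[-1] == '"':
                # Undo .reg escaping: \" -> " and \\ -> \
                keys[current][name] = re.sub(r"\\(.)", r"\1", data[1:-1])
    return keys


def check_exefile_handler(text):
    """Return (is_clean, actual_default) for the exefile open command."""
    actual = parse_reg_export(text).get(EXEFILE_KEY, {}).get("(default)")
    return actual == EXPECTED_DEFAULT, actual


def injected_program(default_value):
    """If something has been put in front of the clean '"%1" %*', return that
    extra text (the program that intercepts every .exe launch), else None."""
    if default_value is None or not default_value.endswith(EXPECTED_DEFAULT):
        return None
    prefix = default_value[: -len(EXPECTED_DEFAULT)].strip().rstrip(",").strip()
    return prefix or None
```

On a live machine the same comparison can be made against the value Regedit shows at that key; a non-empty result from injected_program is the file name to hand to whoever is cleaning the system.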
 
Reply ..

I did try to right-click and run as Admin and got the same message, as described.
I was able to run Task Manager in safe mode.

Here are the processes:

chrome.exe
chrome.exe
csrss.exe
explorer.exe
taskmgr.exe
unsecapp.exe
winlogon.exe
wmpnscfg.exe


I also installed and updated Malwarebytes, then ran it in safe mode. This also behaved the same way: it opened then closed down very quickly, and after that I was unable to open it. When trying to open it I got the same message as before. :-(
 
Panicky

I am getting a bit panicky because I have photos and other stuff on here...

It seems to be getting much worse...

The latest thing I just encountered was a new, seemingly antivirus, piece of software that started up, called "Total Security".


I still cannot do anything like install/run antivirus/malware exes.


Any help would be welcome
 
You will have to have your current hard drive removed and have a new clean drive with Windows installed fresh. Then you can have your prize pictures and any documents recovered off the old drive, if possible.
 
ComboFix should never be run unless it is suggested by and guided by a trained malware helper. At this time, there are none available on TechSpot.
 
"ComboFix should never be run unless it is suggested by and guided by a trained malware helper"...

You're so serious Bobbye :)

"At this time, there are none available on TechSpot"...

There will be soon. With all you "trained" malware helpers gone, us untrained malware helpers here on TechSpot will be well trained soon.
 
OK guys... I have given my lappie to a mate who is dealing with it. Thanks to all who bothered to answer me.
 