Inactive Virus Closes All Programs and Non-Startup Processes

Status
Not open for further replies.

sagapo3851

Hey everyone, I've got a problem
This started a couple weeks ago, in the middle of me trying to start and finish an essay for my English class the next day. I've managed to get around it every day, but it's a rather large pain in the butt.

As you can see in the attachment, it's called Microsoft Security Essentials, and it tells me that there's a trojan somewhere on my computer. The 'Close' button and the X, along with Alt+F4, all just make it close and reopen within a millisecond. It sort of looks like when you press F5 on the My Computer page. Anyway, it's there as soon as I log on every time, and I can't open any programs. It also doesn't let any processes start unless they're already dedicated Startup ones (i.e., Norton Antivirus runs at startup, but Norton Ghost is set to run after I log on. It doesn't run now).

I get around this by quickly pressing Restart, and then hoping a dialogue comes up (for ending a process, like CCAPP or something), then pressing Cancel to return to Windows. As soon as I click Restart, the MSE window closes, and I have a (mostly**) fully functional computer again.
When I press any of the option buttons on the MSE window, it tries to connect to the internet and install some more lovely viruses, however, because my computer is already so Broken/Messed Up/Dumb, it can't connect and gives me an error!
I've already tried using Norton Systemworks, Spyware Terminator, and CCleaner to get this thing out, but they don't seem to be recognizing it as a threat. And since I can't even open Task Manager while it's up, I can't see what its process is to delete it.

Any help with getting rid of this would be really helpful.
I just previewed this post and saw that the attachment has ****'s instead of actual letters. I apologize. I was rather frustrated when I named that particular image.
 

Attachments

  • ****ing Virus.JPG (95.1 KB)
Use a different computer, if necessary, to download the following files.
Then use a USB flash drive to transfer the files to the bad computer.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.pif
* Rkill.exe


* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following.

Now download and run exeHelper.


* Please download exeHelper from Raktor to your desktop.
* Double-click on exeHelper.com to run the fix.
* A black window should pop up, press any key to close once the fix is completed.
* A log file named log.txt will be created in the directory where you ran exeHelper.com
* Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I ran RKill.com and ExeHelper successfully and I tried to disable Norton from my Tray as shown in the link you posted, and I saw that my start bar has disappeared, as well as my desktop icons. Anything I minimize now just sits as little bars at the bottom of my screen, as though I resized them to be the smallest possible and left them down there.
Any ideas?

exeHelper by Raktor
Build 20100414
Run at 15:55:26 on 09/30/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Christopher on 09/30/2010 at 15:54:36.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\Christopher\Desktop\rkill.com


Rkill completed on 09/30/2010 at 15:54:50.
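
Added example, not part of the original thread and not exeHelper's own code: a read-only PowerShell audit of the settings the exeHelper log above reports resetting (.exe/.com file associations, Winlogon Userinit and Shell). The registry paths and expected values are stock Windows defaults supplied here as assumptions; the log itself does not name the keys it touches.

```powershell
# Added example: compare the settings named in the exeHelper log against
# stock Windows defaults. Read-only; nothing is written to the registry.
# Assumption: the machine uses the default shell (explorer.exe).
$userinit = [regex]::Escape("$env:SystemRoot\system32\userinit.exe")
$winlogon = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$open     = 'shell\open\command'
$handler  = '^"%1" %\*$'   # default handler: run the clicked file itself

# Expect = regex the value must match; $null = value should not exist.
$checks = @(
    @{ Path = "HKLM:\SOFTWARE\Classes\.exe";          Name = '(default)'; Expect = '^exefile$' },
    @{ Path = "HKLM:\SOFTWARE\Classes\.com";          Name = '(default)'; Expect = '^comfile$' },
    @{ Path = "HKLM:\SOFTWARE\Classes\exefile\$open"; Name = '(default)'; Expect = $handler },
    @{ Path = "HKLM:\SOFTWARE\Classes\comfile\$open"; Name = '(default)'; Expect = $handler },
    @{ Path = "HKLM:\$winlogon"; Name = 'Shell';    Expect = '^explorer\.exe$' },
    @{ Path = "HKLM:\$winlogon"; Name = 'Userinit'; Expect = '^' + $userinit + ',?$' },
    # Per-user entries override HKLM and are normally absent on a clean profile.
    @{ Path = "HKCU:\Software\Classes\.exe";          Name = '(default)'; Expect = $null },
    @{ Path = "HKCU:\Software\Classes\exefile\$open"; Name = '(default)'; Expect = $null },
    @{ Path = "HKCU:\$winlogon"; Name = 'Shell';    Expect = $null }
)

$report = foreach ($c in $checks) {
    # A missing key or value yields $null rather than an error.
    $item  = Get-ItemProperty -Path $c.Path -ErrorAction SilentlyContinue
    $value = if ($item) { $item.($c.Name) } else { $null }

    $ok = if ($null -eq $c.Expect) { $null -eq $value } else { $value -match $c.Expect }

    [pscustomobject]@{
        Status = if ($ok) { 'OK' } else { 'REVIEW' }
        Key    = $c.Path
        Value  = $c.Name
        Found  = if ($null -eq $value) { '<absent>' } else { $value }
    }
}

$report | Format-Table -AutoSize -Wrap
```

A REVIEW row means the value differs from the default and should be compared against a known-good machine before anything is changed.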
 
I didn't do anything after that yesterday (my start bar and desktop icons were all gone so I didn't want to mess anything up more).
But, I just turned on my computer and there was no virus in sight! So hopefully it stays that way, I'm going to run a few scans just in case

Thanks a lot!
 
Well, I don't know what happened, or what you did, but I strongly suggest we continue our process.
Let me know....
 
I just turned on my computer this morning, and there was the virus.
So I immediately opened the Task Manager software I have (don't remember the author, but it shows ALL the tasks running in your system, and highlights malicious ones) and there was one there called something along the lines of "hitfix.exe" with the description of "Microsoft Security Essentials." I was wondering if I should quarantine it, or go for the permanent removal, and my Norton program popped up saying that it has recognized hitfix.exe as a threat and it should be scanned. So I quarantined it through the Task Manager, and then scanned with Norton. Norton also quarantined it, and I deleted it through there.
All seemed good.
But then Norton just popped up again saying there's another file that's a problem (it's a related file) so I'm scanning now.

Should I continue the process you detailed from where I left off? Or should I start over?
 