Wicked malware, please assist

By hashtoker · 6 replies
Feb 21, 2008
  1. Ok, first of all, I would just like to thank you all for past help on many other topics. I did not in those cases need to become a member; I could simply apply your fixes... but in this case I am not able to attempt the fixes suggested. This malware has previously been advised on for a few others but I will refresh as mine has an added bonus problem. I bought my computer from an old friend. The operating system was already installed and I had no problems... I recently joined Netflix and needed WMP v. 11 to run online movies to my big screen TV via s-vid. I do not however have WGA (Windows Genuine Advantage). I attempted to download from my usual torrent site and added an item to my system registry hoping to block this and be able to install WMP v.11 before Windows realized it was being geeked. Turns out not only did I get WMP v.11 from doing this but also some wicked malware. The errors I receive on start up are "nt kernal error 1256 kmode exception not handled" and wxyz.sys kernal debugger using com2 (port 0x28f, baud rate 192000), another error microsoft visual c++ runtime library c:docume~1\user\locals~1\temp\dlwixoq1.exe. I also get failed messages regarding files ifexoowz.dll and bmdfmlvj.dll but am unable to locate and quarantine. Beyond this problem I have ZoneAlarm constantly popping up with its anti-spyware asking me to perform action on an item, description not-a-virus:adware. I cannot view anything more, being as we move on to my next problem.... My C: drive 40gb is just to hold my system, I have a 200gb for files, and currently my 40 gig is full of these tmp files labeled pos1a-posfff. I cannot do anything on that cpu, as when I give it an internet connection and attempt to do all the things listed in the "prerequisite to posting about malware" thread I get an unstoppable popup leading to literally a nothing website.
Down to my questions, though I can explain more about the problem if needed... Is there anything I can do to try and repair this or am I better off dumping the drive and reinstalling my op sys? Is there a way to burn in safe mode (I have thousands of pics saved on that 40 gig drive)? Is my other hard drive infected? Or will I be able to just dump the op sys drive and keep the other? This is driving me crazy as I have been attempting to fix this for the past week and just tonight pulled out my gf's old school desktop to try and resolve (the mal'd comp is still hooked up and I can attempt a troubleshoot from here if needed). Thanks in advance for reading through this even if you only learn from it and can't assist.
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

  3. hashtoker

    hashtoker TS Rookie Topic Starter

    I have this printed out

    I cannot access the internet, and when I attempt to install any of these programs (which I have saved on a disc) I get failed to install. I wouldn't be here if I hadn't attempted the advice from previous posts.
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    OK I read it 3 times (a little more thoroughly this time)

    Go to Safe mode
    Run msconfig
    Untick everything

    Hopefully you are able to access Normal mode.

    In Normal mode either backup to another drive, or DVD or flash or wherever you can - virus and all

    Once everything is backed up
    Format low level, or re-image or re-install Windows
    Once Windows is all OK, install Antivirus and Spybots and any other good live protection program
    At last return your backups (hopefully all the virus and spyware will be picked up by your resident protection programs).
  5. hashtoker

    hashtoker TS Rookie Topic Starter


    good idea kim ty. will let you know if it worked!
  6. hashtoker

    hashtoker TS Rookie Topic Starter

    ended up having to reformat both drives =\. was still a good idea and thanks for the help
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Thanks for the update
Topic Status:
Not open for further replies.
