Win32 Heur, AVG erased automatically approx. 1000 files

Status
Not open for further replies.

Runefaust

Hi all. First of all thank you for the wonderful work you all do. It sure is helpful.
I'll explain my problem. At first, I came across this site, and soon after I started following the 8 step guide you guys have. Thing is, my AVG had in its Shield Resident "erase files immediately", so after the mandatory computer boot, explorer.exe won't show up in the process window, and my desktop doesn't show up or anything. I managed to connect here by manually executing Firefox. Can you help me, first managing to get my desktop back up and then getting rid of this virus?
Thanks in advance
 
Can you boot into Safe Mode?
Reboot the computer> let the logo load> AFTER the logo BEFORE Windows begins to load, start tapping the F8 key and continue tapping until Safe Mode comes up.

Once there:
* Launch AVG Anti-Spyware.
* From the "Status" menu, select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
* Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".

Boot back into Normal Mode and run the cleaning programs. When finished, attach the three logs for review.
 
Thanks for replying. I tried in safe mode too and "last known configuration to work", but they both gave the same result: a completely blank wallpaper with no menu bar or icons in the desktop.

Did the AVG Anti-Spyware thing, and well, it found 36 infections. It deleted them, but when I reboot back to Normal Mode, I get something along the lines of this:
"Instruction in 0x006b6b97 references to memory in 0x0000000c, memory can't be read", and the blank desktop is still there.
Oh, and I forgot to add, before this happened (the blank desktop) I started to run the 8 step thing, and ran twice the CCleaner. After that, I couldn't continue.

Please help, I can't even update Malwarebytes Anti Malware
 
There are a lot of people with malware- many more than there are helpers, so please be patient.

You misunderstood my AVG Spyware instructions. I didn't want you to run it, I wanted you to shut down the Resident Shield!

* From the "Status" menu, select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
* Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".

You were supposed to go into Safe Mode to do that.

kritius, we were posting at same time. Got to find out if the system can be accessed at all!
 
I'm sorry if I came out as impatient, I'm just really scared about this. I did run the AVG Spyware and after the scan and clean, I shut down the Resident Shield, IN safe mode. Still, it wouldn't let me see Desktop in normal mode. And, I don't know how to uncheck the "Start with Windows" option, since there's no visible system tray, not even in Safe Mode.
 
Good point, does starting explorer manually work?

ctrl alt del, new task "explorer.exe"
 
That's not good.

It looks like explorer.exe may have become infected and was deleted.

Would suggest running a repair installation and get the missing files back.
 
OK, the repair installation failed, but I managed to download another explorer.exe file. Thing is, it won't let me update Malwarebytes because I can't change the firewall setting. Whenever I try to change it, it says rundll32.exe is missing.

-------------

I now can't install or uninstall any programs, thus preventing me from doing the 8 steps, and firewall settings are completely off limits to me now, both in Safe Mode and Normal Mode. I only managed to get an un-updated Malwarebytes log before the installing was prevented. Please, please help me.
 
We will do what we can to help. It will be to your advantage to read carefully what we tell you and to follow the directions on the cleaning programs.

Unfortunately, you did not check this when you ran Malwarebytes:
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
When that isn't done, the malware entries, although found, weren't removed. show:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> No action taken.

The system is badly infected with malware. Even if it can be cleaned, it's going to take additional special cleaning programs. Going by the system symptoms and the malware I see, I strongly suggest you follow what kritius has suggested: Do a Repair Install. If this does not work, you will likely have to reformat and reinstall the operating system.

You say that failed. How? What happened?
 
It said some files were corrupted, and that there was a critical error. I guess I'll just reformat and reinstall. Thank you very much for the help, anyways.
 
firewall settings are completely off limits to me now,

I assume this means you got a message telling you to contact the Administrator- this means you have a policy issue.

Good luck with the reformat/reinstall.
I'm not convinced that's the only option you have, but troubleshooting isn't something you want to do.
 