|I got malware or a virus. My wallpaper changed to say that I have a critical warning. The exact desktop message reads: "YOUR SYSTEM IS INFECTED! System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spyware removal tool to prevent data loss. Do not use the computer before all spyware removed."|
I managed to get rid of the desktop message (using AntiVir until the scan stopped for no apparent reason. The scan did not complete and I can't get it to scan again.) Under Desktop, the "critical_warning" file still appears in the list. The current wallpaper is the blue screen without the message written out above and I can't change it because this Desktop/Background page is locked up.
My homepage was changed (to google, oddly). I cannot access system restore, nor can I use Malewarebytes or other antivirus programs because I get a message that reads: "Windows cannot access the specified file. You may not have permissions to access the item." I have AntiVir PE Classic, which also won't fully run (it starts scanning, then stops).
Fortunately, I have a desktop so that I can post here and try to resolve the problem. Would someone please walk me through fixing this problem? Thank you very much!
Someone asked me to run the following report:
ROOTREPEAL © AD, 2007-2009
Scan Start Time: 2009/08/27 14:44
Program Version: Version 126.96.36.199
Windows Version: Windows XP SP3
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9B08000 Size: 98304 File Visible: No Signed: -
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B46000 Size: 8192 File Visible: No Signed: -
Image Path: C:\WINDOWS\System32\Drivers\hiber_WMILIB.SYS
Address: 0xF7BC4000 Size: 8192 File Visible: No Signed: -
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8406000 Size: 49152 File Visible: No Signed: -
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF78B6000 Size: 20480 File Visible: No Signed: -
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xA9CCF000 Size: 61440 File Visible: No Signed: -
PID: 3920 Status: Hidden from the Windows API!
#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7d17ebc
#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7d17ea8
#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf7d17ead
#: 173 Function Name: NtQuerySystemInformation
Status: Hooked by "C:\WINDOWS\System32\Drivers\Beep.SYS" at address 0xf78201a0
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf7d17eb7
#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0xf7d17eb2
She then told me I had Max++. I tried to run a DDS log, but nothing happened when I did. So I guess I will not be able to produce a log. Can someone please help me?