Max++ - can anyone help?

Dell / Dimension xps
August 28, 2009 at 11:58:28
Specs: Microsoft Windows XP Professional, 3.79 GHz / 2046 MB
I got malware or a virus. My wallpaper changed to say that I have a critical warning. The exact desktop message reads: "YOUR SYSTEM IS INFECTED! System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spyware removal tool to prevent data loss. Do not use the computer before all spyware removed."

I managed to get rid of the desktop message (using AntiVir until the scan stopped for no apparent reason. The scan did not complete and I can't get it to scan again.) Under Desktop, the "critical_warning" file still appears in the list. The current wallpaper is the blue screen without the message written out above and I can't change it because this Desktop/Background page is locked up.

My homepage was changed (to Google, oddly). I cannot access System Restore, nor can I use Malwarebytes or other antivirus programs because I get a message that reads: "Windows cannot access the specified file. You may not have permissions to access the item." I have AntiVir PE Classic, which also won't fully run (it starts scanning, then stops).

Fortunately, I have a desktop so that I can post here and try to resolve the problem. Would someone please walk me through fixing this problem? Thank you very much!

Someone asked me to run the following report:

ROOTREPEAL © AD, 2007-2009
Scan Start Time: 2009/08/27 14:44
Program Version: Version
Windows Version: Windows XP SP3

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9B08000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B46000 Size: 8192 File Visible: No Signed: -
Status: -

Name: hiber_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\hiber_WMILIB.SYS
Address: 0xF7BC4000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8406000 Size: 49152 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF78B6000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xA9CCF000 Size: 61440 File Visible: No Signed: -
Status: -

Path: C:\WINDOWS\system32\braviax.exe
PID: 3920 Status: Hidden from the Windows API!

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7d17ebc

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7d17ea8

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf7d17ead

#: 173 Function Name: NtQuerySystemInformation
Status: Hooked by "C:\WINDOWS\System32\Drivers\Beep.SYS" at address 0xf78201a0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf7d17eb7

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0xf7d17eb2


She then told me I had Max++. I tried to run a DDS log, but nothing happened when I did. So I guess I will not be able to produce a log. Can someone please help me?


August 28, 2009 at 12:38:57
Try running Trojan Remover; it is fully functional for 30 days.
That will help in clearing up some of the infections.
If you have a rootkit problem, you can try UnHackMe, free and works great.

Some HELP in posting on plus free progs and instructions Cheers
