Virus Help Needed

Microsoft Windows xp professional w/sp2
December 6, 2009 at 01:12:08
Specs: Windows XP SP2, AMD Turion 64 1GB RAM
Hi. About 2 hours ago a virus scanner popped up in the system tray while i was surfing the net. It started scanning saying it found hundreds of problems. I immediatly knew this was a fake so i shut it down. Then when I went back to the internet nothing would open cos it was saying the sites were containing virus'(google). So i restarted my computer, deleted temp files. But my screen goes blank when i restart normally. So Im now in safe mode and ran a noron online scan and microsoft removal tool. They said they couldnt find anything but my computer wont restart normally. before going blank i caught a gklimpse of a blue error screen. So i decided to reinstall windows using the I386 folder, but now i have 2 OS installed and the new one needs activating, but I cant connect to the net on that one and it doesnt have anytthing on in(IE, Outlook etc.) so i have resorted to using the old install in safe mode. System restore wont work either just says it couldnt complete. I cant open ACER erecovery either and norton wont run a proper scan cos im in safe mode.I tried Start>>Run>>naw32 /L but it didnt do anything. Anyone got any suggestions or ideas? Please Im desperate to solve his!

See More: Virus Help Needed

Report •

December 6, 2009 at 06:57:29
Reboot into safemode with networking, if you are not already there and run these scans if possible.

You may need to download the to a usb drive or cd and run it on the infected computer but first try to run it from the infected computer.

Please download Rkill from the following link.


Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. This link will help you disable them:

Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)

A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.

If nothing happens or if the tool does not run, please let me know in your next reply.

Please download exeHelper to your desktop.
Double-click on to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.


1. Double click on RSIT.exe to launch program.
2.(Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5.Once it has finished, two logs will open: log.txt<-- this will be maximized and info.txt<-- this will be minimized. Both logs will be located at C:\RSIT.exe.

Please post the contents of both logs (in separate post) in your next reply. It may take 3 to 4 post to get the entire log to us.

Download Gmer.exe from the following link.


1. Disconnect from the Internet and close all running programs.
2. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
3. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
4. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
5. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
6. If you receive a WARNING!!! about rootkit activity and are asked to fully scan your NO.
7. Now click the Scan button. If you see a rootkit warning window, click OK.
8. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
9. Click the Copy button and paste the results into your next reply.
•Exit GMER and re-enable all active protection when done.

Report •
Related Solutions

Ask Question