help don't know how I got this

Compaq deskpro pc / Sr1830nx
December 3, 2009 at 18:30:22
Specs: Windows XP
somewhere I picked up a file that loads when I load my computer.I've tried to get rid of it and everything I try to click on a message comes up warning me of infected files and I need to load my antivirus program.I click it and it goes to a webpage.Antivirus System PRO.i Never downloaded this i don't know where it came from .I can't get rid of it .I tried to restore but MY program won't open.WINdows security says my antivirus needs to update but it is updated.I use Avast

See More: help dont know how I got this

Report •

December 3, 2009 at 19:09:08
You may need to download the to a usb drive or cd and run it on the infected computer but first try to run it from the infected computer.

Please download Rkill from the following link.


Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. This link will help you disable them:

Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)

A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.

If nothing happens or if the tool does not run, please let me know in your next reply.

This baddie can change your IE settings. Go to start> control panel> internt options, go to the connections tab, click on LAN settings. Set to detect automatically, and uncheck the proxy setting (if you are not running a would know).

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.


1. Double click on RSIT.exe to launch program.
2.(Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5.Once it has finished, two logs will open: log.txt<-- this will be maximized and info.txt<-- this will be minimized. Both logs will be located at C:\RSIT.exe.

Please post the contents of both logs (in separate post) in your next reply.

Download Gmer.exe from the following link.


1. Disconnect from the Internet and close all running programs.
2. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
3. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
4. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
5. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
6. If you receive a WARNING!!! about rootkit activity and are asked to fully scan your NO.
7. Now click the Scan button. If you see a rootkit warning window, click OK.
8. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
9. Click the Copy button and paste the results into your next reply.
•Exit GMER and re-enable all active protection when done.

Report •

December 4, 2009 at 05:12:44
Download MalwareBytes anti-malware or SuperAntispyware. Install, update and run a full system scan.
MalwareBytes anti-malware:

Report •

Related Solutions

Ask Question