malware rootkit infection

Encore Encore software pc tools spyware...
October 14, 2009 at 21:09:47
Specs: Windows XP
I was surfing the web as I have always done in the past 8 years I have had my desktop....it has served me well over the years and I have treated it well. It became infected with a virus this week, and I have to say it was like my child was taken from me. My life is on that desktop and while I may not get it back, I would like to get the files onto another computer so I do not have to buy all those programs again...
What is happening...
I was looking at photos of a facebook friend. Then a pop-up from spyware doctor came up and said it was a potential danger, do I want to block? I clicked block and it went away, secs. later I get another one and I click block, then another, block...all of a sudden I get several in a row and I can do nothing...then my computer starts to shut down...it reboots itself...
I then try to run spyware doctor to see what happened...access denied...the program was completely disabled. my harddrive also sounded like it was running on overtime...I went to access task manager via Ctrl, Alt, Delete and I was denied by the admin...
I then try to go download a new spyware program...I download it, and install it...it runs for a few and shuts down then access is denied.
I tried doing this with Malwarebytes, search and Destroy and others...all download without issue...start, shut down, access denied.
I then do some research and found a way to get to my task manager by typing a code into the "Run" from the task bar, (sorry, do not remember code) but I now have access to it.
I mostly work in safe mode, because when I try to boot in normal mode, I only get my wallpaper....no task bar, no Icons...all of these re-appear when I go into safe mode. So I then go into safe mode with networking and try to do an online scan from a website...I get to the website and then when I click to go to the scan...it goes to the page and shows only coded text....no download....
I was finally able to regain permissions for some programs from safe mode...when I did this and rebooted in normal mode, avast (which I also downloaded) finally started a preboot scan of my entire system...this took a few hours...when it was done I booted in normal mode , got the taskbar back, and my icons...everything looked normal...programs came up as normal...then poof...everything shut down again and the computer shut off...I am at a complete loss as to what to do...I can not even do a hijack this log...
please help me...I am on my laptop for now until I get my desktop system back up and running. The computer is a dell from 2002 running windows XP fully updated etc. Like I said, this has served me well up until this moment...I do not want it to end this way!!!!
Thank You in advance for your help.




#1
October 16, 2009 at 09:38:40
In safe mode, download the following programs:

MalwareBytes Anti-Malware (http://www.malwarebytes.org)
Dr. Web CureIt Free (http://majorgeeks.com/Dr.Web_CureIT_d4783.html)
and OTListIT2 (http://oldtimer.geekstogo.com/OTListIt2.exe)

Save these to your desktop. While still in safe mode, install and run MalwareBytes. It should scan your system. Clean/remove any threats found. If it asks to reboot, do it.

When the system reboots, go into safe mode again and run Dr. Web. Let it do a quick scan and clean any infections found. Reboot again.

Try to enter into normal windows mode this time. If you are able to get into windows under normal mode, try running Dr. Web again.

If there are no further infections detected, run another MalwareBytes scan. If it too comes up clean, then you should be ok.

If either scan comes up with problems, clean/remove them, reboot again, and do another scan.

If the same items keep showing up on the scans or if you still cannot boot into normal windows mode, run OTListIt2 and copy/paste the 2 logs back here so we can see what kind of infection you have.

Please let me know BEFORE you start this if you have any questions or if you don't understand something.

I do this in my spare time, so please understand that I may not be able to respond quickly to your posts, but I will follow up as soon as possible. Thanks!


------
MOS Master Certified
MCP Certified
CCNA Certificate Pending
A+ Certificate Pending

"I have gone to find myself. If I get back before I return, please tell myself to wait." :



#2
October 16, 2009 at 10:25:05
I fully understand you do this on your own time and I appreciate it very much. Time is all we have, so I can wait. As for Malwarebytes in safe mode, I had already done it before posting here and whatever virus I have disabled it. This is also the same with otlistit2, disabled. Any virus program I download it disables. I did go into properties by right clicking the windows folder and took back ownership of the folders but still nothing. I gave up for the evening. The next morning I try to boot up into safe mode. After logging in it shows the windows wallpaper only, no taskbar, no icons. Within 5 seconds it shuts windows off and goes back to the log in screen. This happens in both Safe and Normal mode. I am not sure what is happening, but I pretty much have no control over it. I am typing this from my laptop. I have no idea where my xp windows System disk is now, it has been many years since I even needed it. At this point I am ready to give up on it, the computer has served me well, but I want to get my files, photos, and programs off there and onto a new computer. Is this even possible? BTW if I leave the computer on while on the login, the Windows screensaver comes on, if that tells you anything. I move the mouse and it brings up the log in screen again.


#3
October 16, 2009 at 22:59:58
Thanks for understanding. I usually post that any time I give major suggestions because I have had people PM me several times the same day when I don't get a chance to look at their responses immediately! :)

When you say it disables the programs, do you mean that it does not let them run or that it crashes them after they start to run? Does it give you an error message when you try to run the programs and if so, what is the exact wording of the message?

Because we have not been able to get an accurate scan of the system, we cannot be certain that whatever files you have on the machine that you wish to transfer off will be uninfected.

There may be another way to get some info on what we're dealing with but it is an advanced technique. Please let me know if you have answers to the above questions and if we have no other possible ways to get at this thing, I will give some info on what the next steps can be and see if you are comfortable with them.



#4
October 17, 2009 at 06:42:54
Get into safe mode and set the pc to not restart after a shutdown. Then post the exact error message that comes up next time it shuts down.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#5
October 17, 2009 at 15:08:46
The exact wording was something to the effect of...Not able to access this program(s) because you do not have permission by the admin. or something like that. This would happen with any anti-virus I download and tried to run a 2nd time. The first time the program would come up, but then shut down with no error message. Also one other thing. I was able to download regrun? It did a full system scan on boot up and saved the file to my desktop...problem is now I can not get to the desktop. I follow advanced instructions well...if I do not understand what you are telling me to do I will let you know. I will try the "get into safe mode and set the pc to not restart after a shutdown. Then post the exact error message that comes up next time it shuts down" and let you know what happens. Again, thanks for your help...



#6
October 17, 2009 at 15:16:30
here is the error message I got when I set in safe mode to not restart:
EXPLORER.EXE - APPLICATION ERROR
the application failed to initialize properly (0xc0150002) click on ok to terminate program
windows does not shut down. it shows my wallpaper, no task bar, no icons...just the error message. if I click ok, it shuts down. is this what you were looking for?


#7
October 22, 2009 at 08:09:25
Hi there, just making sure you all got my message????
