Solved Virus that closed anti viruses

September 18, 2011 at 13:46:38
Specs: Windows XP, Pentium D 1.93GHz
The virus closes the installation of Norton and Avast antivirus, and it closes Spyware S&D, which is already installed on my computer. I tried scanning my computer with 'Malwarebytes' Anti-Malware' and 'SUPERAntiSpyware Professional'; both did not find the virus. The virus also removes my right to Task Manager and regedit, it also does allow me to show hidden files. So I suspect the virus may be a hidden file. Please help if possible. I do not wish to reformat my computer, as I have a lot of things stored inside and nowhere else to store them. Also, I recently cleared my system restore points, so I have nothing to restore to :(

#1
September 18, 2011 at 16:12:16
Run Hijack This & post the log.

How do you know when a politician is lying? His mouth is moving.


#2
September 18, 2011 at 21:35:03
✔ Best Answer
zarkenpachi,

Please run the following tool, as it will provide information to work with in identifying the virus, and I will assist you in removing whatever is causing the problems.

Download DDS from one of these locations:
http://download.bleepingcomputer.co...
http://download.bleepingcomputer.co...

Save it to your Desktop

Double-click the dds file to run the program
When done, DDS opens two logs:
-DDS.txt
-Attach.txt

Save both reports to your Desktop.

Since these reports are large, please go to the Uploading website:
http://uploading.com/files/upload/

In: Select files to upload, click 'Browse', and 'Look in' the Desktop.

Select the DDS.txt, and click on 'Open'
You will see the following:
Your file has been uploaded successfully: (Name and size of the file)

Please copy the 'Download link'.

Do the same uploading for the Attach.txt.

Please copy the 'Download link', for each report, and provide them in your reply.

Thanks!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals


#4
September 19, 2011 at 11:58:09
Perhaps the virus was gone but the damage lives on and you need to look for utilities or coding to restore functionality. Like regedit fix (just made that up) but there should be small programs that restore them.

#5
September 19, 2011 at 18:38:56
zarkenpachi ,

Let's take care of Task Manager, and Regedit...

Please go to Start > Run

Highlight and copy each of the following (one at a time), and place in the Open area.
Then, click: Enter/OK after each one:


reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f


Next, download Unhide.exe to your Desktop:
http://download.bleepingcomputer.co...

If the file does not download, copy/paste the following link >without brackets< in the address bar of your browser:
[http://download.bleepingcomputer.com/grinler/unhide.exe]

For XP, double-click on Unhide.exe

Allow the program to run.

This program removes the hidden attribute from all the files on your hard drives.


Now, download iExplore.exe, a renamed copy of rKill:
http://www.bleepingcomputer.com/dow...

If the file does not download, paste the following, >without the brackets<, in the address bar of your browser:
[http://www.bleepingcomputer.com/download/anti-virus/rkill]

Save the file to the Desktop, and double-click on it.
Ignore any messages, and allow the file to run until the command window closes.


Download ComboFix:
http://download.bleepingcomputer.co...

Save ComboFix.exe to your Desktop!!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of CF.

Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through these links: http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/sec...

XP - Double-click on ComboFix.exe to run the program.
Follow the prompts.

XP users (only) - install the Recovery Console when presented the option!!

Click on 'Yes', to continue scanning for malware.

When finished, CF produces a report.

Since this report can also be quite large, please go to the ‘Uploading’ website:
http://uploading.com/files/upload/

In: Select files to upload, click 'Browse', and 'Look in' the Desktop.
Select the ComboFix report, and click on 'Open'
You will see the following:
“Your file has been uploaded successfully: (Name and size of the file)”

Please copy the 'Download link', and provide it in your reply.

Notes:

1. Do not mouse-click the ComboFix window while it is running.
This action may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals



#6
September 20, 2011 at 04:39:04
There is the link
http://uploading.com/files/fbee45a4...

As for my Task Manager and regedit, they were enabled for the first few minutes after I entered the commands; after that they were disabled once again.


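The symptom reported in the post above, the restrictions coming back a few minutes after the reg add commands, can be observed directly by polling the same four policy values. This batch file is an added example, not part of the thread or of any tool named in it; the pass count and the roughly 60-second interval are arbitrary choices, and it only reads the registry.

```batch
@echo off
rem Added example, not from the thread. Read-only: polls the four policy
rem values targeted by the "reg add" commands and prints their state.
setlocal
set "SUBKEY=Software\Microsoft\Windows\CurrentVersion\Policies\System"
set PASSES=5
set PASS=0

:poll
set /a PASS+=1
echo.
echo Pass %PASS% of %PASSES% at %TIME%
for %%H in (HKLM HKCU) do (
  for %%V in (DisableTaskMgr DisableRegistryTools) do call :check %%H %%V
)
if %PASS% GEQ %PASSES% goto :done
rem Windows XP has no timeout command; ping the loopback for about 60 s.
ping -n 61 127.0.0.1 >nul
goto :poll

:done
endlocal
goto :eof

:check
rem %1 = hive, %2 = value name. The third token of the matching
rem "reg query" output line is the data, for example 0x1.
set "DATA="
for /f "tokens=3" %%D in ('reg query "%1\%SUBKEY%" /v %2 2^>nul ^| findstr /i /c:"%2"') do set "DATA=%%D"
if not defined DATA (
  echo   %1 %2 = absent, no restriction
  goto :eof
)
if /i "%DATA%"=="0x0" (
  echo   %1 %2 = 0x0, restriction off
) else (
  echo   %1 %2 = %DATA%, RESTRICTION ACTIVE
)
goto :eof
```

A value that returns to a non-zero setting between passes means something still running is rewriting it, so the registry change alone will not hold.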

#7
September 20, 2011 at 05:18:10
Why didn't you want to run hijack this, as I suggested 2 days ago?

How do you know when a politician is lying? His mouth is moving.


#8
September 20, 2011 at 08:49:16
zarkenpachi,

Be sure to continue temporarily disabling your AntiVirus and protective software so it does not interfere with this repair.


Please open Notepad (Start > Run, in the Open field type: notepad)
Click: OK

Copy/paste all the following text below to Notepad:

KillAll::
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-
"DisableRegistryTools"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=-
"DisableTaskMgr"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=-
"DisableTaskMgr"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center] 
"AntiVirusOverride"=dword:00000000 
"FirewallOverride"=dword:00000000 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] 
"AntiVirusOverride"=dword:00000000 
"FirewallOverride"=dword:00000000


Save as CFScript.txt
Change the 'Save as type' to: All Files (*.*)
Save to the Desktop

(Both the ComboFix icon and the CFScript.txt must be on the Desktop, or this will not work!!)

http://img.photobucket.com/albums/v...

As shown in the image above, left click and drag the CFScript.txt file over to the ComboFix icon. Then, 'drop' it over CF.

This triggers ComboFix to run another scan where it carries out the commands of CFScript.

CF may reboot when it finishes. This is normal.

Do not mouse-click ComboFix while it is running, as it may cause a stall!

When finished, a log is produced: ComboFix.txt

Please upload the contents of the new ComboFix.txt to the Uploading website:
http://uploading.com/files/upload/

In: Select files to upload, click 'Browse', and 'Look in' the Desktop.
Select the ComboFix report, and click on 'Open'
You will see the following:
Your file has been uploaded successfully: (Name and size of the file)

Please copy the 'Download link', and provide it in your reply.

After you are done with the above, try to enable the viewing of hidden files and folders:
http://antivirus.about.com/od/windo...

After doing all of the above, please provide some feedback as to what problems remain.

Thanks.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals

