Tech Support Guy
Status
Not open for further replies.
1 - 1 of 1 Posts

Good Morning All,

I have been trying for two straight days to rid my plagued system of malware. It all began with some sort of rogue spyware that installed itself and immediately began bombarding me with pop-ups and fake security alerts. I knew I had been infected with malware and was able to shut the processes down via task manager and uninstall them.

I rebooted my machine and the real trouble began. My desktop background went into an alert mode and "Total Security 2009" popped up and ran a fake scan. Additionally, it disabled my antivirus, firewall, and automatic updates. The malware also was able to disable any way of stopping it. I tried running task manager and it would instantly disappear. I tried running msconfig, to see if I could prevent it from booting on next start-up and work to get rid of it, but it would not pop up. I tried to use regedit but I was told an admin disabled the service. I tried gpedit to edit permissions but it did not pop up.

My next move was to use limited internet access to download the most common antivirus and malware removal software. I tried Malwarebytes. It installed, began a scan and disappeared. After a reboot, it would not start and clicking the .exe in the program files folder told me I did not have permissions. This same process occurred with Norton Internet Security 2009, Avast Professional, AVG Professional, Spybot, Spysweeper, and Bitdefender. The only program that did run was Spyware Doctor. The program found traces, claimed to have deleted them but the program continues to run.

My next step was safe mode. However, the virus continues to run even in safe mode, thwarting even my last-ditch efforts.

I suppose this leaves a couple of questions left. Does anyone have any other options I can try? And lastly, does anyone know where in the registry or in Windows a virus would disallow programs? As long as I can run some of these exe's, I am confident this thing will be thwarted.

As of now:

As I reported, I was basically locked out of Windows in safe mode and normal start-up. I fixed this problem temporarily by crashing explorer.exe immediately on start-up in normal mode via the task manager. Then I used the task manager's run process to use msconfig to disable the numbered virus (changes every time to a string like 900393222) and a secondary dropper which is always named SDfe.exe. I then used the task manager's run option to uncheck the two from start-up, applied, and rebooted. I then disabled my ethernet card, deleted the two files (one in Documents and Settings and one in Windows/Temp). I rebooted. The virus cannot spread without internet access, so it's at bay. When I do enable my ethernet, I keep the task manager open to immediately eliminate the processes before they reboot my system and take over and I delete the files. There is obviously a file that keeps planting these files over and over.

While I have some control of my OS, I cannot run a single installed antivirus or antimalware software. All will install, reboot, and then fail to load or tell me I don't have permissions. This is clearly viral behavior. I don't know where I can find a place to allow these processes to run. It may be my only hope.

If anyone has any suggestions, please do tell. For the record, I cannot run HijackThis...

Thank you all...

Warm Regards,

Bob
 