This is my first post to this forum.
I had an outbreak of PC Antispyware 2010 that I was eventually able to stop by manually removing almost all the files created on the day this rogue program overtook my system, plus those files I could find (which weren't many) from those listed in several web instruction sets for manual removal of PCAV2010.
I am now left with the problem of not being able to run any anti-malware like Spybot S&D, MBAM or AVG; neither would HJT run. I tried all of these in both normal and safe mode with the same non-result. I also tried running them with different filenames and with Win2000 or XP compatibility in all possible combinations, as suggested in several forums. Nothing worked. Whatever it is, it also locks me out of deleting or renaming the .exe files once they have been tried and failed. It also seems to have disabled Google's Advanced Search feature, though that could have been me mucking around in the registry.
I was able to get Avira Antivir to run. It detected and quarantined a pile of crap, but did not solve the antimalware hangups. I have that report if you want to see it. I was able to get Avira Rootkit Tool to run. It detected nothing. I tried booting with an Avira Antivir Rescue System boot disk (from disks downloaded on two different machines) and all I got was a screen image of a weird fat little gremlin with a tail, sitting on his ass wearing a tied on fake beak/nose, flashing his feet at me (BTW WTF is up with that!?).
I have been advised to run LSPfix and Winsockfix. I will try them next, without much confidence in the result.
This is the most persistent bug I have ever encountered.
What do you suggest I try next?
#1
Posted 21 August 2009 - 11:30 PM
#2
Posted 22 August 2009 - 02:16 AM
Hi and Welcome to the forum!
First try the fixes in #5 of this FAQ. If those do not help, then read and follow the instructions below.
Scan and post logs - read note at bottom in green
If you're having malware-related issues with your computer that you're unable to resolve:
1. Please read and follow the instructions provided here: I'm infected - What do I do now?
2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.
* Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
* Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
* Using these other tools often makes the cleanup task more difficult and time consuming.
* If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
* Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
* There are often many others that require assistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review.
* NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.
Avira Antivir Personal and MBAM Pro
On demand: SAS and Hitman Pro
Firewall-Online Armor Premium
FF3-adblock plus, noscript, betterprivacy, WOT, Keyscrambler, TrackMeNot
Sandboxie
ONE DAY AT A TIME!
#3
Posted 22 August 2009 - 08:23 PM
Thanks for your prompt reply!
I tried all the suggestions in Fixes #5 to no avail.
procepxp.exe ran but returned no listings that appeared abnormal. Nothing identifiable as AV360, Fake Alert, TotalSecurity, SystemSecurity...
RootRepeal was whacked just like MBAM, AVG, Spybot.... even when renamed.
HJT: When newly loaded it seems to run for a few seconds more than the others, but is whacked as above.
I read "I am Infected" and got nowhere with anything from there.
ComboFix reports:
Access is denied.
Access is denied.
Access is denied.
Please wait.
ComboFix is preparing to run.
Access is denied.
Win32kDiag.exe finds Mount Points for a lot of stuff under C:\WINDOWS\... and reports their destinations as :\Device\_max++>\^
Win32kDiag is denied access to:
C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\config\default.bak
C:\WINDOWS\system32\config\sam.bak
C:\WINDOWS\system32\config\security.bak
C:\WINDOWS\system32\config\software.bak
C:\WINDOWS\system32\config\system.bak
C:\WINDOWS\system32\cscript.exe
C:\WINDOWS\system32\eventlog.dll
C:\WINDOWS\system32\findstr.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\route.exe
What next?
#4
Posted 22 August 2009 - 08:31 PM
Please re-read my entire previous post, especially the note at the bottom in green. You need to start a post in the HJT log topic area here.
Malware removal is not worked on in the general forum. Thanks
Avira Antivir Personal and MBAM Pro
On demand: SAS and Hitman Pro
Firewall-Online Armor Premium
FF3-adblock plus, noscript, betterprivacy, WOT, Keyscrambler, TrackMeNot
Sandboxie
ONE DAY AT A TIME!