The other desktop wont thread

[Edgie]

It was fine last night, turn it on this morning got some registry warning from mcafee saying unwanted registry, I clicked no since I didnt bring it up. Next I get some security tool warning, this program magically appeared on my program list saying I have 29 viruses click here if you want to get rid of them, click and its asking for money plus cc info. cancel that.
Now I can access the web but cant run any programs that might help me get rid of it, Cant even run Safemode with networking, no combofix malware bites cc cleaner, cant even run mcafee to run a scan. No programs open up, they start but then I get a warning saying this program is infected with a aworm, keyloger trying to get cc details.

Anything I can do to clean it up without erasing everything.

[kuronosan]

TaskKiller, HiJackThis, and look for pav.exe... you probably have that stupid program that installs a trojan and keeps trying to get you to buy their software that you didn't ask them to install.

[Edgie]

seems to be what it is, but will i be able to run any of those programs when i cant run any now. Ill see about DL them

edit: tried to dl hijackthis, taskkiller but couldnt run them, the stupid thing puts them so its like invisible

[Isiolia]

Try going into Windows\System32\ and making a copy of taskmgr.exe. Name it iexplore.exe, then see if you can run it and kill the process preventing you from running applications (the one I've seen was a string of numbers).

[kuronosan]

seems to be what it is, but will i be able to run any of those programs when i cant run any now. Ill see about DL them

edit: tried to dl hijackthis, taskkiller but couldnt run them, the stupid thing puts them so its like invisible

Okay, I know what this is now. You have to go into the registry and re-enable the keys that allow you to use taskmgr.exe (I assume you can't use this as well). Then you have to manually locate the services that are running and shut them down.

It won't let you use them (and often uninstalls them if it detects you are using them). It's almost impossible to clear this up easily since the trojan is interweaved with your registry almost totally and monitors what programs you run.

At this point, your best bet is to back up your data, format, and reinstall.

[Racey]

Okay, I know what this is now. You have to go into the registry and re-enable the keys that allow you to use taskmgr.exe (I assume you can't use this as well). Then you have to manually locate the services that are running and shut them down.

It won't let you use them (and often uninstalls them if it detects you are using them). It's almost impossible to clear this up easily since the trojan is interweaved with your registry almost totally and monitors what programs you run.

At this point, your best bet is to back up your data, format, and reinstall.

What he said. Dealt with this last week trying to fix a co-worker's grandson's computer. Killing the process that is the random string of numbers should buy you enough time to backup your files. Eventually it will force a restart and you'll probably end up in an endless circle of bluescreen reboots, on his even safe mode was a no go.

[Isiolia]

The particular one I dealt with was easily removed by Malwarebytes once the process preventing that from running was stopped. Might be a newer version of it though.

Nuking from orbit is the only way to be sure though.

[Edgie]

Okay, I know what this is now. You have to go into the registry and re-enable the keys that allow you to use taskmgr.exe .

I tried renaming it that didnt fly, How do I find the registry, Im looking for it presently, hoping I dont have to do a mind wipe. I really dont wanna deal with that. Obviously I will, if thats what I have to do.

[clent]

go to run>regedit
then go to HKEY_CLASSES_ROOT\exefile\shell\open\command
if the data in there is not "%1" %* then change it to that.

Now see if you can run programs. if you can run malwarebytes.

[Edgie]

gonna try that now, I somehow get malware bites to run, however the full scan takes longer than 30 minutes, this virus/trojan, make the pc restart every 30 minutes. lol so Im trying the quick scan.

gonna go try the registry thing now

edit: still running malwarebites on quick scan, cant get the HKEY_CLASSES_ROOT\exefile\shell\open\command, to stay open so I can look at it, or change it.

[clent]

what was the program that program called that told you about your 26 virus/spywares?

[Edgie]

kinda ironic, Safeguard... was telling me I had a virus every time I tried opening a program to clean out the virus, and trying to get me to buy/input my credit card info into it.

Update: got malwarebytes to run a quick scan, it deleted the virus, then ran combofix and full scan, didnt find anything else.

Thanks for the help guys