Virus Removal

[Jb1210a]

Upon checking out my PC this morning, I noticed that it was showing popups indicating that it was infected by a virus. Last night there was no sign of this and I'm perplexed as to why it's on here.

A few months ago, I had a major problem with my PC where I had to wipe the system and reinstall everything on my PC because of a flood. In that rush of reinstalling, I forgot to install the antivirus software.

This morning after seeing the problems my machine is having I tried to install the software but with no success. It seems the virus blocks my PC from installing anything, it's giving me an error saying install.exe couldn't run when I try to execute the program.

Anyway, I'm looking for any solution you can think of, the virus doesn't seem to be stopping anything from running, but the popups are definitely annoying. Anyone have any ideas?

[Cephius]

http://www.bluegartr.com/forum/showthread.php?t=78291

[Jb1210a]

Thanks for the tip, now to find my USB drive...

[Jb1210a]

I've tried all boot options but I just cannot get my Advanced Options screen to come up so I can start in safe mode. Googling the issue produced what was described in the above linked thread. Repeatedly pressing the F8 key simply isn't working. I'm running windows XP on a Dell XPS 630i.

[Jb1210a]

I tried booting using a command prompt method I found using Google and it gave a pop-up box saying that the MSCONFIG utility is infected. This seems like simple malware, but it's blocking my attempts to clean it.

[Killgannon]

while i dont recommend this, you can try to force advanced options to pop up on boot by causing your pc to die... do not shutdown, do not use the power button, unplug the power, or switch your surge protector off (if you have one) while the PC is on, upon next boot it should ask you if you want to boot xp with last known good configuration or boot in safe mode... something to try since you cant get into msconfig and cant pull off the F8 shortcut, i will repeat that i don't recommend this, but its something different you havent tried, and it SHOULD work

[Jb1210a]

I've definitely thought about doing that, it seems that it's one of the only 2 options I have left (killing power to the PC to force advanced options, or complete system wipe and restore). Either way, I'm backing up my important files now.

[Killgannon]

if you decide to reformat/reinstall or even remove the malware, be sure to install your antivirus and have mbam check your backup files BEFORE you restore them as they could be infrected as well in mbam when you run a full scan have your USB drive (or whatever you backed up on) connected and check that drive too

edit: sounds like you have a rogue actually, do you know which one it is? like Personal Security or Antivirus 2009, or whatever? there are manual removal instructions out there for most of them that can, at least partially, be pulled off in normal mode

[Jb1210a]

I'm not using a backup program I just copied my files to the USB as my "backup" method. I'll be sure to check the USB drive for an infection as well once this issue is resolved.

Regardless, killing the power did not work, it went directly to the load screen for Dell XPS. It seems like this virus completely removes the possibility for the PC to boot into safe mode at all. I definitely don't want to restore my system as it's such a huge pain in the ass for me to do. I've had to restore my system in the past (a flood in the Atlanta area caused a power outage which ended up screwing up my system).

I'd like to exhaust all options before I resort to a restore, anyone have any other ideas that might fix this problem?

[Killgannon]

does your keyboard happen to have an f-lock key on it?

i have a boot CD that boots into a windowsPE enviroment that would help out with this, however im not sure if i can upload it anywhere/if its available online anywhere since its a custom ISO, ill txt my boss and see if i can get the ISO/rip it myself if I have too, give me a bit

[Jb1210a]

I was able to use F2 and F12 (I believe BIOS menu and System Restore menu), so I assume it wouldn't be a function lock key (I'm positive it doesn't have one anyway).

[Killgannon]

one thing before i get this ISO for you, are you connected to the internet wirelessly or wired? wireless wont work in this boot environment so you definitely want to be wired

edit: iso is incoming, may take a bit becuase i have to download from my boss's home connection then reupload with my own, so if you can tough it out for a bit longer we'll get you fixed up

[Jb1210a]

I'm fully wired on my desktop, I'm connected to a router, but it's all directly connected.

[Killgannon]

will you have trouble booting from a CD and running apps from an xp-like interface? i could likely write up a tutorial to do it quickly if need be, but if you can pull it off on your own then ill just give you the iso link when its done

[Jb1210a]

I'm not 100% familiar with what I would need to do there. I'm guessing I change the boot order in BIOS and run the apps off the CD themselves?

[Killgannon]

yeah, it will boot into a windows enviroment once you boot from the CD, ill write up what to do afterwords once i get it uploaded

[Jb1210a]

I'd like to thank you in advance for the help, I fell quite stupid for forgetting to reinstall AV program. I'll be sure to do that once this problem is taken care of.

[Killgannon]

no problem, this is the type of stuff i work with everyday, though typically we can get into safe mode without issue... but on the ones that have problems like this one drastic measures have to be taken lol

[Killgannon]

REMOVED BECAUSE OF FAILis the ISO, tutorial tomorrow, sleep now

[Jb1210a]

Excellent, just started the download now, I'll let you know once it's finished.