Harmfull Virus Changing Account User Settings + Script (Ads)

[Varcan]

Im Using Windows 7.
Well i really need help, i have i very pissing off virus, is changing my system settings to make it not notify when program trying do changes to computer, and also its script Virus, and i hate that script errors.
I have Avast + SpywareTerminator + Ad-Aware.
I tryied Combofix but i maybe used it wrong.

Plz somone help me delete that virus, im begin you

 

[kjv1611]

1. Make sure that machine is disconnected from any network, and the Internet in particular - so no network connections active.. physically unplug any network cable(s), and if you can or know now, disconnect the wireless connection if any there... that way you'll eliminate the baddies getting any backup.

2. On a clean PC, download Avira Rescu CD and/or DrWeb LiveCD, and burn each/either to a blank CD

3. Boot the infected PC from one of the CDs just created, and run the scanner.

4. If anything found, I'd personally suggest checking online before deleting anything unless it just looks really suspicious. I mean I'd double-check behind anything that looks like it may be valid... so if it sound like a legit file, do a Google search on the clean PC, and see if you find anything about it being an infected file of some sort.

5. If the scanner ends up finding hundreds or thousands of bad files, I'd suggest you'd highly be best off (and may be anyway) just wiping the drive clean with Active KillDisk or Darik's Boot 'n' Nuke, and then reinstalling... probably going to take less time and effort.

6. If you need to back up the data off that system, I'd suggest using a Bart PE disk or a Live CD of Linux -

http://www.Ubuntu.com

should work.

7. Post back with further questions and/or progress.

--

"If to err is human, then I must be some kind of human!" -Me

 

[Varcan]

i am not able to do that... no other pc's in my belongings

 

[kjv1611]

So you're typing from one of the infected PCs?

--

"If to err is human, then I must be some kind of human!" -Me

 

[kjv1611]

If you're typing here from one of the infected PCs, then maybe you can download via one of those machines.

If you want to try installing apps directly, you can try these, but some viruses/malware block the installation/execution of these:
1. Malwarebytes Antimalware - if you can get this installed, you're likely in business.

2. SuperAntiwpyware - I'd install this along with the first if at all possible.

You can get the above 2 apps at

http://www.download.com

Also, another resource:
The Ultimate Boot CD (UBCD) - it has lots of tools that may be helpful, such as KillDisk and Darik's Boot and Nuke (DBAN) - you can wipe your hard drives with one of those, and then reinstall Windows. That will be the BEST approach in all honesty.

--

"If to err is human, then I must be some kind of human!" -Me

 

[kjv1611]

Or if you can't reinstall, b/c you don't have or can't borrow a Windows disk, and you can't get those apps to install (try safe mode if normal mode doesn't work), then you can try one of the bootable CDs I mentioned in my first reply.

If you can't download any of them in normal mode, then try booting into safe mode with networking. If that doesn't work either, then you're back at square one.

Another option (will take more time, but yet still free):
Go to

http://www.ubuntu.com,

and request a disk be mailed to you. You can normally get them mailed to you for free. This will take at least a few days to a week or two, however, so it's not an option I'd mention if any way 'round it.

If you can get that, then at least you'll have a bootable OS on disk you can use to get at least some things done.

--

"If to err is human, then I must be some kind of human!" -Me

 

[Varcan]

Well thank you for those, ill try everything, but i cant clear my discs because i have too many important files. and yes im typing from infected PC xD cuz this is my only one i cant live without internet ^^

 

[kjv1611]

I keep thinking you've got more than one PC, but I think I'm remembering that from another thread. So, just to be sure, you have ONE computer, and that's all, right?

Here are some questions and thoughts:

1. How much data space do your IMPORTANT files take up? If you want everything under MyDocuments or Documents, just tell me the size there.. or think about it.. whatever..

2. If you're talking a handful of Gigabytes at most, then most any USB Thumb drive could be used to back-up your data. If you want a good fast one for a pretty good price, check these out (Obviously, the smaller you go, the cheaper it'll be):

http://www.newegg.com/Product/Produ...TMATCH&Description=patriot+xporter+xt&x=0&y=0

I personally own the 8GB Xporter XT, 32GB Xporter XT, and have used (someone lost it for now) the 64GB Xporter magnum. Overall, the Magnum is the best, I think.. but all of them are GREAT compared to almost everything else out there.. They are fast, durable, and not too expensive.

3. If you have more than a handful of GB of data, I'd go ahead and pick up whatever USB hard drive I could afford, or else a spare internal hard drive.

4. Once you get your media of choice, back-up whatever files are important.

5. Shut down the PC, and make sure whatever backup media you chose is disconnected from the machine.

6. If you were able to burn a copy of UBCD, then boot from that and run Darik's Boot 'n' Nuke - DBAN or Active KillDisk. You can let it run all the way through if you want (will take a very long time), or at least let it run for say 1/3 of the way. If it has completed at least one complete wipe, then you're probably safe. Basically, so long as it's obliterated the file systems on the drive (including the MBR), then you should be good to go, really.. though it wouldn't hurt letting it run a full wipe/session.

7. Now reinstall Windows.
8. Get Windows up to date, and make sure all drivers are up to date.
9. Install your AV software first (I recommend Avira Antivir for free software... or you can get the paid version of that or Nod32 paid version)
10. Install a software firewall - Comodo Internet Security or Online Armor by Tall Emu - all of these mentioned so far are available at

http://www.download.com

11. THEN reconnect your backed-up media source, and run at least one antivirus/security scan on the files, removing anything that may be infected... or allow the AV software to clean the files if possible.
12. Copy your backed-up data back to the PC.
13. You might then want to wipe the back-up source with a normal format, and then start a regular back-up routine from scratch. One free program that I really like for basic data back-up/sync is SyncBack. You can also try Sync Toy from Microsoft, but I think SyncBack works TONS better than Sync Toy.

Anyway, happy working.

Of course, post back here with further questions, issues.. and/or ESPECIALLY your progress made - whatever you do.

--

"If to err is human, then I must be some kind of human!" -Me

 

[Varcan]

I Think that Malwarebytes and Super Antispyware helped, script errors are gone but, those damaged the rundll32.exe and i have a backup one, but, i have windows 7 and i cant paste files to System32 folder, i tryied run eplorel as administrator - didnt help, cal u help me with that ?
and also, my User Account Settings still changing to @never notify" , is that still a some kind of virus ? mby its still same virus ? if yes i think i have to do system backup and clean my discs
any advice mr kjv1611 ?

 

[kjv1611]

Sorry, was out from work last Thursday and Friday.. well Friday is normal, but was out Thursday, and I often don't check this site from home.

Anyway, have you tried logging in as the Administrator account - not just an account with administrative priviledges, but the one that actually is named "Administrator"? If not, try that, see if you can do then...

But I think with that file, you'd probably have to do the copy/paste when outside of Windows. If you can get a Bart PE disk or a LiveCD version of Linux, and run that, you might could do the work that way.

But then again, if something HAS messed up your system files to this extent, it may very well be worth your time to just wipe it clean, and start again... if so, I'd do this:


1. Backup any important files to a USB thumb/flash drive, or another hard drive or something.
2. Download the UltimateBootCD, burn it to a CD.
3. Boot from the UltimateBootCD
4. Run Active KillDisk, select your hard drive from the list, and clear it off... I think that version of KillDisk only supports a single pass operation, which is probably all you need.
5. Let it run for a little while - at LEAST something like 5 or 10 %... a full wipe would be best, but if your strapped for time, this'll at least obliterate anything to get the install started.
6. Now, boot from your Windows disk, and install as normal.
7. After install completes, get Windows up to date.
8. Next thing is to make sure drivers are correct..
9. If a driver is NOT ready, but it's not 100% essential, necessary, for operation, then go ahead and get a good Antivirus App and Firewall going on the machine before doing anything else.... THEN you can go back and finish with your drivers if need be.
10. AFTER all of that is done, that's when you can go and tweak things if you want, install extra applications, etc.. and of course, restore your backed-up files.




--

"If to err is human, then I must be some kind of human!" -Me