1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Inactive [InActive] Something is limiting access to my PC

Discussion in 'Malware and Virus Removal Archive' started by BadKarmaPT, 2008/10/08.

  1. 2008/10/08
    BadKarmaPT

    BadKarmaPT Inactive Thread Starter

    Joined:
    2004/11/24
    Messages:
    23
    Likes Received:
    0
    Hello,

    Today while executing a file I thought was safe, something got installed into my system (XP SP2) that is limiting what I can do with my computer...

    All my desktop icons were replaced by three new ones (Malware Defender, Protect Your Privacy and System Error Fixer) and my wallpaper was replaced by a red screen warning me I have malware/viruses on my computer.

    I can only access Internet Explorer and Outlook under the Start Menu. It keeps telling me Task Manager has been disabled by the system administrator when I press Ctrl+Alt+Del.

    I keep getting pop up messages about virus and spyware and asking me if I want to remove them. I have a "virus alert!" message in the taskbar by the watch.

    I was able to run Spybot Search&Destroy and it detected an removed a lot of stuff but the next time the computer is started it's all there again.

    This is what Spybot detects and I hope it's helpful.

    NNC.MGRS

    ... software\microsoft\internetexplorer\main\start page=about:blank (is not)

    MICROANTIVIRUS

    C:\Program Files\MicroAV\MicroAV.ooo
    C:\Program Files\MicroAV\MicroAV0.dat
    C:\Program Files\MicroAV\MicroAV1.dat

    Microsoft Internet Explorer

    ... windows\currentversion\policies\explorer\ nosetfolders (is not) w=0

    Microsoft Windows System

    ... microsoft\windows\currentversion\policies\system\nodispcpl (is not) w=0
    ... policies\explorer\nostartmenumoreprograms (is not) w=0

    Microsoft Windows Security Center. Registry Tools

    ... microsoft\windows\currentversion\policies\system\disableregistrytools (is not) dword:0

    Microsoft Windows Security Center.Taskmanager

    ... software\microsoft\windows\currentversion\policies\system\disable taskmgr (is not) dword:0

    Smitfraud-c.

    ... software\microsoft\windows NT\currentversion\productid=...virus alert!...
    ... control panel\international\stimeformat=...virus alert!...

    C:\windows\privacy_danger\

    All these registry keys have in common:
    HKEY_USERS\s-1-5-21-1482476501-1454471165-839522115-1003

    I´m sorry I can´t post a HJT log but like I said I am very limited to what I can do with my PC. In case you're wondering I'm using a different PC to write this message.

    Can someone please help me to sort this out?
    Thank you in advance.

    Regards,

    Hugo
     
    BadKarmaPT,
    #1
  2. 2008/10/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Hugo

    You will need to download the setup file for Malwarebytes Anti-malware to the computer you are using and transfer it to the infected computer and run it.
    Let it run the first time without updating it, then after that update MBAM and run it again.

    Here is the download link.
    Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Transfer it to the infected computer and run it using these instructions.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version. <<Skip this the first run
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Then see if you can get here on the infected computer.

    Thanks
    Geri
     
    Geri,
    #2


  3. to hide this advert.

  4. 2008/10/11
    BadKarmaPT

    BadKarmaPT Inactive Thread Starter

    Joined:
    2004/11/24
    Messages:
    23
    Likes Received:
    0
    Hello Geri,

    Thank you very much for your help. I appreciate it.
    Since I had done a backup of my system only a couple of days before I decided to restore it and get rid of the problem completely in one go.
    After that I downloaded and installed MBAM as you suggested. It will help me keep my computer malware free in the future.
    Thank you once again.

    Best regards,

    Hugo
     
    BadKarmaPT,
    #3
  5. 2008/10/11
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Hugo
    OK thanks for letting me know.

    Surf Safely
    Geri
     
    Geri,
    #4

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...