[everyshadeofblue]

I have this weird problem I've googled and still can't find a solution too. I think I have had some type of virus or malware on my computer for quite some time. I can't download any virus programs....they stop at the end, won't execute or start. There's no way to install an anti-virus program. Today I tried to install the windows cleanup tool so that I can finally install KB929729 Windows Update. Didn't work....

I'm at a loss...don't know what to do! Obviously something is in control and preventing me from downloading any type of helpful software.

I appreciate anyone's help!

Jeff

[kahdah]

Hello everyshadeofblue

Welcome to G2Go.
=====================
Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.

• Double-click ATF-Cleaner.exe to run the program.
  
• Click Select All found at the bottom of the list.
  
• Click the Empty Selected button.

If you use Firefox browser, do this also:

• Click Firefox at the top and choose Select All from the list.
  
• Click the Empty Selected button.
  
• NOTE : If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

• Click Opera at the top and choose Select All from the list.
  
• Close ALL Internet browsers (very important).
  
• Click the Empty Selected button.
  
• NOTE : If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
===========================================
Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

• Close ALL OTHER PROGRAMS.
  
• Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  
• Under Additional Scans click the checkboxes in front of the following items to select them:
  
  File - Lop check
  File - Purity Scan
  Under Basic scans:
  Rootkit Search -Yes
  
  
• Do not change any other settings.
  
• Now click the Run Scan button on the toolbar.
  
• Let it run unhindered until it finishes.
  
• When the scan is complete Notepad will open with the report file loaded in it.
  
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Attach the information back here. I will review it when it comes in.
======================================================================

[everyshadeofblue]

Thank you for the warm welcome! I am going to try that when I get home, however, the issue has been that I can't download anything at all. I've tried to download Virus software, etc. and whatever is on my computer prevents it from happening. It'll appear that it's downloaded (saved on desktop) but the file is never there. I'm not confident I'll be able to download ATF but I may drop it onto a thumbdrive and then install...even that has not worked in the past. This is a weird problem.

Jeff

[kahdah]

Ok let's try it anyway just to see what is going on.

[everyshadeofblue]

HI Kahdah:

I ran the scan and it froze while doing the rootkit scan. This is similar to any other time I try to run a virus type program (AVG, etc.). It'll freeze before it finishes and I have no choice but to close the program. This is all I got in the log:

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-11 18:40:46
Windows 6.0.6000 NTFS

scanning hidden files ...

[kahdah]

How about the dds scr that I asked for did it freeze as well?

[everyshadeofblue]

You'll have to excuse my ignorance... I don't see a reference to dds scr

Thanks

[kahdah]

Sorry my mistake it was someone else I posted to run it.


Anyway try these:
lease download DDS and save it to your desktop.

• Disable any script blocking protection
  
• Double click dds.scr to run the tool.
  
• When done, DDS.txt will open.
  
• Click Yes at the next prompt for Optional Scan.
  
• Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
================
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

• Click NO
  
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  
• Now click the Scan button.
  Once the scan is complete, you may receive another notice about rootkit activity.
  
• Click OK.
  
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  
• Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

[everyshadeofblue]

I think it worked! I attached the .txt document and the attach zip file. Thanks!

Attached File(s)

•  DDS.txt (14.52K)
  Number of downloads: 426
•  Attach.zip (1.92K)
  Number of downloads: 176

[kahdah]

Great can you post or attach the GMer log as well.

[everyshadeofblue]

ok, will do! I'm heading out of town today so I'll get it posted early next week. Thanks again for all your help!

[kahdah]

Ok upload it instead so I can see all of it thanks.

[everyshadeofblue]

Kahdah:

Sorry for the tardy reply. I put the GMER program on a thumb drive and put it on my desktop. As with other programs of this nature, it won't run on my computer. I can click the exe command all day and it won't do anything.

Jeff

[kahdah]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

First, we need to backup your registry:
Please go to Start > Run
Paste in the following line:regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
Reboot for the changes to take place and let me know if you can then run gmer.

[everyshadeofblue]

I got this message when double clicking on the registry: Not all data was successfully written to the registry. Some keys are open by the system or other processes.

Sorry to be so difficult