Computer infected with Antivirus 2008 XP
centrus
08-15-2008, 01:00 PM
Running XP Home SP2. Virus has hijacked IE and despite repeated attempts to remove with Malwarebytes' Anti-Malware, computer continues to crash unexpectedly, random blue screens of death, malicious .exe files constantly popping up in Task Manager. Browser is still hijacked, refuses to show images on webpages (right now for example), some links get redirected (Google, etc.), security settings continually being reset to lowest level. Crashed Hijackthis 2x and Malwarebytes 3x with blue screen of death. On 4th scan with Malwarebytes, log says it was unable to remove 5-6 files, including WinCtrl32 and several malicious dll files which I was also unable to remove in Safe Mode. On startup, hangs explorer.exe, have to manually shut down malicious .exe's in Task Manager, occasionally completely freezes forcing reboot. Task Manager PF Usage seems to be higher than normal, based on usual items in processes list, CPU Usage shows random occasional spikes. My Network places shows a new connection called HP6F2B4F, of which I am unable to check the properties. Backed up important files in My Documents, believe that virus has jumped computers via USB backup. Discovered and deleted several malicious .exe files on USB drive. Do not have any saved Restore points. Please let me know what I have to do and what other information I should provide in order to clean my computers ASAP, any help is much appreciated, thanks in advance.
Edit: Virus is not allowing me to open IE at all, task manager occasionally freezes, have had to switch to other computer. Situation desperate, please help!
classicsoftware
08-15-2008, 02:11 PM
Please read this (http://www.pcguide.com/vb/showthread.php?t=60009) and post a Hijackthis log.
centrus
08-15-2008, 02:29 PM
You don't understand, HJT crashes when I go to click "save log", the window just disappears and the process ends in Task Manager. Would I be able to run it in Safe Mode?
classicsoftware
08-15-2008, 02:30 PM
Yes, run it in safe mode...
centrus
08-31-2008, 03:57 PM
Solved this computer's (Dell Dimension) problem, the virus infected the HJT installation files, downloaded new install files for Spybot, Ad Aware and HJT, system is effectively clean.
Now there was another computer hit with the same thing, a Lenovo Z61m laptop, winxp, etc. The problem is that when I noticed a lot of alien .exe's popping up all of a sudden in Task Manager, explorer crashed and it looked like a lot of stuff began to be rewritten in the registry. I panicked and did a hard shut down, now when I turn it on it freezes at the Welcome screen. I have mouse control, but that's it. The same thing happens in Safe Mode. I took it to Geek Squad, but they couldn't suggest anything aside from a complete reinstall. I did a full data backup beforehand, but I have some programs that I don't have the installation .exe's for, and the computer itself came with some Thinkvantage stuff that I'd rather not lose if I can. Chkdsk repair and repair install both did not load the OS and stopped at the welcome screen respectively. If there's any way for me to recover my user settings and get back to the Desktop, please post here. All suggestions are much appreciated, thanks in advance!
If there were a way to post a HJT log from it, it'd be here. Let me know if I have any other options, thanks.
classicsoftware
08-31-2008, 04:33 PM
Without a hijackthis log, there is no way to know your system is clean. I know of no case where Spybot and Adaware have cleaned Anti-virus infections.
centrus
08-31-2008, 05:43 PM
Without a hijackthis log, there is no way to know your system is clean. I know of no case where Spybot and Adaware have cleaned Anti-virus infections.
I'm asking if I can change the focus from the computer in the original post to that of the laptop issue I just posted, because it is a more urgent concern for me. If I'm able to resolve this current issue I'll go back to the one in the first post. Thanks
Any suggestions?
Fruss Tray Ted
08-31-2008, 06:33 PM
Any suggestions?
Absolutely! Keep one thread per topic please, especially to one computer!
Although you may have more than one computer on your network, whether or not they could or would infect one another is another issue. Please deal with each PC unless the issue becomes plain to see that it is due to your network.
classicsoftware
08-31-2008, 10:48 PM
I'm asking if I can change the focus from the computer in the original post to that of the laptop issue I just posted, because it is a more urgent concern for me. If I'm able to resolve this current issue I'll go back to the one in the first post. Thanks
Any suggestions?
Start a new thread for the new computer by posting the symptoms and a hijackthis log....
centrus
08-31-2008, 11:05 PM
Start a new thread for the new computer by posting the symptoms and a hijackthis log....
Explain to me how I am supposed to post a hijackthis log if I can't get to the desktop to load the program.
classicsoftware
08-31-2008, 11:45 PM
Can you boot into safe mode?
Can you copy the program from a known clean PC?
have you tried to rename the file from hijackthis.exe to fixme.exe?
centrus
09-01-2008, 07:27 PM
Can you boot into safe mode?
No.
Can you copy the program from a known clean PC?
Yes, but it can't be run.
have you tried to rename the file from hijackthis.exe to fixme.exe?
See above.
Well, this one is looking bad...
Before you give up entirely, do you have a USB stick drive?
If so, HJT can run as a 'portable' program. Put it on the USB drive and change its name to something like george.com (com being another Windows executable extension). You may have to manually save the log file, but hopefully it will run.
A number of these rejects from the manure pile target specific files by name and extension. The current popular name to rename HJT to may now be compromised as well as the original name. There are a very few, though, that go a bit further and target the removal tools by specifics in the file itself, so unless something rather drastic is done to the file, it will be blocked from running.
classicsoftware
09-01-2008, 08:34 PM
First you can rename it before you copy it. You can run it from a memory stick?
There are other options:
1) Can you boot into safe mode?
2) Do you have a floppy drive?
3) Do you have access to a clean pc?
4) Do you have a pen drive or memory stick?
5) If the answer to 4 is yes, is it recognized?
centrus
09-01-2008, 11:50 PM
I don't think we're on the same page.
I am unable to get to ANY desktop, there are NO USERS present AT ALL at logon -> it hangs at "Welcome" screen, period, both in normal and safe mode. I can't do ANYTHING except click and move my mouse. Pressing buttons does not work, CTRL+ALT+DEL doesn't work, nothing works at the Welcome screen. I don't know how much clearer I can be than that. Even if I copied HJT to a thumbdrive and changed its name and all that, how am I supposed to run it on a system that isn't able to load ANYTHING at all??
Am I supposed to change the BIOS settings so it loads from the thumbdrive before the infected C: drive? I already had Geek Squad go over the system with their MRI PE tools disk, which I noticed cleans with 10 different antivirus/antimalware programs. This is also how I was able to make a data backup, minus the C:/WINDOWS folder and other system files.
All I care about at this point is salvaging something of my user preferences, as I'm hoping to avoid having to customize every thing again. Is there a way I can save my settings from my main administrator account, perhaps from the ntuser.dat file or some other file that stores user settings?
Classicsoftware:
1. No, hangs at Welcome screen. Has trouble loading MUP.SYS, I noticed. Another computer had a similar looking problem, but eventually loads an account, while it takes a while, it doesn't hang forever like this.
2. No.
3. Yes, what I'm typing on.
4. Yes, but again, how do I load it from there?
Are you guys really unable to help me without an HJT log? Isn't there a way to diagnose the problem by other means/programs? I know HJT is great, but this seems a lot more serious than would be suggested by HJT.
Thanks for the suggestions thus far, much appreciated.
classicsoftware
09-02-2008, 12:26 AM
The second it says Loading Windows press the F8 key and see if you can get safe mode as an option.
centrus
09-04-2008, 03:01 PM
I know how to get to safe mode...
The second it says Loading Windows press the F8 key and see if you can get safe mode as an option.
I am unable to get to ANY desktop, there are NO USERS present AT ALL at logon -> it hangs at "Welcome" screen, period, both in normal and safe mode. I can't do ANYTHING except click and move my mouse.
Yeah, safe mode hangs at the welcome screen too, if that wasn't clear from my typing above.
Any other suggestions?
Do you have access to an XP install CD?
If so, you may want to try and build a UBCD4Win (http://www.ubcd4win.com/). It is a bootable rescue/scan CD that contains, in its default config, a number of useful tools...including the ability to load a remote/other registry and scan it. It also has several AV tools available. Since it is a CD it is immune from becoming infected while working on the problem machine...
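The two practical needs raised in this thread are (a) inspecting the registry of a machine that will not boot, from a rescue CD, and (b) salvaging the user's settings from NTUSER.DAT. The following batch script is an added example written for this page, not something posted in the thread or shipped with UBCD4Win. It assumes it is run from the command prompt of a Windows PE style boot CD (UBCD4Win is one) that includes reg.exe, that the infected XP installation is visible as drive D:, that the profile of interest is D:\Documents and Settings\Owner, and that C:\triage is a writable location (the CD's RAM drive or a USB stick); all three paths are assumptions and need adjusting to the real machine.

```batch
@echo off
rem Added example (not from the thread): offline registry triage from a
rem boot-CD command prompt. ASSUMPTIONS (adjust to your machine): the
rem infected XP install is mounted as D:, the profile to inspect is
rem "D:\Documents and Settings\Owner", and C:\triage is writable.
setlocal
set WINDIR_OFF=D:\WINDOWS
set PROFILE=D:\Documents and Settings\Owner
set OUT=C:\triage
if not exist "%OUT%" mkdir "%OUT%"

rem 1. Load the offline machine-wide SOFTWARE hive under a temporary key.
reg load HKLM\OffSoft "%WINDIR_OFF%\system32\config\software" || goto :fail

rem 2. List the machine-wide autostart locations. Anything you do not
rem    recognise here is what to research before the machine is trusted.
reg query "HKLM\OffSoft\Microsoft\Windows\CurrentVersion\Run" > "%OUT%\hklm-run.txt"
reg query "HKLM\OffSoft\Microsoft\Windows\CurrentVersion\RunOnce" >> "%OUT%\hklm-run.txt"
rem    Winlogon "Shell" is normally Explorer.exe and "Userinit" normally
rem    points at system32\userinit.exe; an altered value is one known
rem    cause of a machine hanging at the Welcome screen.
reg query "HKLM\OffSoft\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell >> "%OUT%\hklm-run.txt"
reg query "HKLM\OffSoft\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit >> "%OUT%\hklm-run.txt"

rem 3. Load the user's NTUSER.DAT and list the per-user autostart key.
reg load HKU\OffUser "%PROFILE%\NTUSER.DAT" || goto :fail
reg query "HKU\OffUser\Software\Microsoft\Windows\CurrentVersion\Run" > "%OUT%\user-run.txt"

rem 4. Keep a text export of the user hive for review, and a copy of the
rem    hive file itself: the user's settings travel with NTUSER.DAT.
reg export HKU\OffUser "%OUT%\ntuser-export.reg"
copy "%PROFILE%\NTUSER.DAT" "%OUT%\NTUSER.DAT.bak"

rem 5. Always unload, so the hive files on D: are written back cleanly.
reg unload HKU\OffUser
reg unload HKLM\OffSoft
echo Triage output written to %OUT%
goto :eof

:fail
echo Could not load a hive. Check the drive letter and that the files exist.
reg unload HKU\OffUser >nul 2>&1
reg unload HKLM\OffSoft >nul 2>&1
exit /b 1
```

Two points of the design: the hives are loaded under throwaway names (HKLM\OffSoft, HKU\OffUser) so nothing in the rescue environment's own registry is touched, and they are unloaded on every exit path, because a hive left loaded can be left inconsistent on disk. The saved NTUSER.DAT.bak is what preserves the user's preferences for a rebuilt system, but its own Run key (captured in user-run.txt) should be reviewed first, since a per-user autostart entry would otherwise be carried straight into the clean install.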
centrus
09-04-2008, 11:22 PM
I have Lenovo recovery disks, would those work?
No, needs to be a full install disk. There are ways of building it with a 'recovery' set, but they are not easy to accomplish...
boucbaz
09-13-2008, 09:45 AM
Please CLASSICSOFTWARE, can you remove that thoughof 'From all...' at the end of your comment help, it is annoying to look at this every time you add an answer.....thanks, I am just one that tries to read all the content before making a comment. No offense.
Paul Komski
09-13-2008, 12:49 PM
@ boucbaz
If you don't want to see the signatures of peeps then just disable the option from your own control panel.