Sander Topic Starter
Posts: 29
« on: October 25, 2009, 11:11:12 PM »
Hi there,
I'm here because of a malware infection I just got on my PC. I am kind of experienced with old malware/spyware etc., but this is something completely different. I've never seen anything like it before - maybe because it's been a long time that I've been free of viruses and mal-spyware.
Anyway, it goes like this. (My description of the problem might not be 100% accurate because I am currently away from the infected PC due to network problems, but I am sure you will understand what it's about.)
I was browsing through some pages and playing online poker at the same time (I believe that has nothing to do with the infection, but stated anyway), and I also unzipped a file I downloaded from a not so formal website and executed an .exe file, which was a self-extracting archive which, instead of including a program I was looking for, had an adult movie in it... Minutes after the extraction I got 3 shortcuts to adult websites on my desktop and started getting error messages that said "application cannot be executed! The file is infected". Then I got an icon popping up antivirus warnings etc. I also tried to access Task Manager, which I couldn't due to an error saying that the Task Manager was disabled by the administrator.
The malware seems to not be letting me run any .exe's, as I tried every single anti-malware and spyware tool I had, like Malwarebytes Anti-Malware, Spyware Doctor and so on.
When I restarted I got a blue background with a black box in the middle saying
"YOUR SYSTEM IS INFECTED - System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spyware removal tool to prevent data loss. Do not use the computer before all spyware removed."
Then I had no internet connectivity, even from any other laptop or PC on my network.
I tried to go into safe mode, but a blue screen appears just before Windows loads into safe mode and the PC restarts, both in safe mode with networking and without.
The only program I managed to run was Spybot, which found several infections including Virtumondo, which I have seen before. I removed all of the infections but the problem still remains.
After I restarted again for Spybot to complete the removal, I also started getting errors about the Windows logon UI and WMI.
I googled everything and have been searching for answers for almost 4 hours now without getting to a source I can really get something from, and also getting an overload of information, and that's why I came to you, as I can see you helped some cases similar to mine.
Thank you in advance for your help, which is much appreciated.
Forgot to say, I didn't have any kind of antivirus running on my system as I recently had a clean installation of Windows XP Service Pack 3. Only the Nvidia firewall was running.

Karnac
Thanked: 211 Posts: 1,987
« Reply #1 on: October 26, 2009, 06:33:44 AM »
Welcome to CH. Please go here and follow the directions in order and post the three required logs for Evilfantasy or another malware specialist to review.
« Last Edit: October 26, 2009, 07:06:35 AM by Karnac »
 Never argue with a stupid person, they'll drag you down to their level and beat you with experience.

Sander Topic Starter
Posts: 29
« Reply #2 on: October 26, 2009, 12:43:53 PM »
I am trying to run anything but nothing works... Windows won't even load sometimes. I am currently running an AVG scan as the first step but I am getting something not so usual. I am getting Windows files and program files I have on my PC as infections of Win32/Virut?? For example, I am getting that explorer.exe and drwtsn.exe and notepad.exe and many more are infected by this virus and some other trojans...
Should I remove all of the infections after the scan, or is it the malware that makes everything seem infected so I will remove system files?
As soon as the scan finishes I will also post a log.
Thank you again

Sander Topic Starter
Posts: 29
« Reply #3 on: October 26, 2009, 01:23:56 PM »
Update:
AVG scan finished and removed anything AVG thought had to be removed, and when I restarted I got a blue screen just as Windows was loading. The blue screen technical information includes:
zgbuetaxgkdt5.sys - Address B21A4422 base at B2199000, DateStamp 4ae2cb07
I can't boot into Windows or safe mode due to this error.

Sander Topic Starter
Posts: 29
« Reply #4 on: October 26, 2009, 02:19:22 PM »
OK, I am really going crazy here. I tried everything!
As I said in my previous post, I can't log on to Windows in any way. So I thought I could try to access the hard disk from another HD I have on my PC, which is formatted to EXT3 as I had Debian Linux installed on it.
However, because I couldn't mount the NTFS HD that has my infected Windows XP copy from Linux, I wiped the hard drive using GParted Live and tried to format it to NTFS.
An error came up and now I can't find the HD anywhere! It's gone. I unplugged and plugged the HD in again but nothing seems to happen.
It's like some force doesn't want me to get this fixed!
Please, any guidance would be greatly appreciated.
Thanks again
edit:
Just to make this clear enough:
I have two HDs on my PC:
One with the infected copy of Windows XP and one formatted to ext3, which had a copy of Debian Linux, which I just tried to format to NTFS.
Now, after GParted failed, I can only access the NTFS HD.

Sander Topic Starter
Posts: 29
« Reply #5 on: October 26, 2009, 03:06:38 PM »
However, I understand that logs are needed for you guys to help me with anything, but as you can see I can't get any logs without logging into Windows. Any guidance to enable myself to log in to Windows without losing any of my data, or to back up my data in any way without logging in to Windows, would be greatly appreciated.

Sander Topic Starter
Posts: 29
« Reply #7 on: October 26, 2009, 03:55:26 PM »
Hi harry, and thanks for the reply.
As you can see from my posts, I did try to follow the steps Karnac gave me, but after the virus scan I can't log in to Windows. So I can't run any of the programs stated in the steps. I'm looking for a way to log in to Windows but can't find one. That's where I need help first before anything else.
I tried safe modes, I tried Last Known Good Configuration. I tried everything but can't log in to Windows, as I get a blue screen every single time I reboot.

SuperDave Malware Removal Specialist Moderator
Thanked: 571 Posts: 6,550
Certifications: List Experience: Experienced OS: Windows XP
« Reply #9 on: October 26, 2009, 04:59:07 PM »
Hello Sander and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your replies. Let's try this: Go to this link to create a Rescue CD or to this site to create a Rescue USB. Carefully follow all the instructions for whichever method you choose. Please let me know if you log onto your computer after this.
AMD Athlon XP 1900+ 1.47 GHz 3 GB Ram Windows XP Home with SP3, MicroSoft Security Essentials, Spybot S&D. SuperAntiSpyware and Threatfire with Comodo Firewall & Windows Defender

Sander Topic Starter
Posts: 29
« Reply #11 on: October 26, 2009, 05:06:46 PM »
Hi SD!
Thank you so much for replying!
I'm working with Rescue now and will post the result in a few minutes.

Sander Topic Starter
Posts: 29
« Reply #12 on: October 26, 2009, 07:36:36 PM »
The BitDefender scan has just finished, finding 48 infections, which included files from the windows/system32 folder like tzchange.exe and many more files that I think are crucial Windows files. I chose the option disinfect for every one of these files and delete for the rest of them.
Neither worked for 42 of them, and I can't save the log anywhere to post it here as well. I didn't choose the delete option for the system32 files because I think they are needed by Windows.
When I restarted after the scan finished, I got the blue screen again as I did before.
I can't understand what's happening. And I don't know if there's any way to get the log out of the bootable USB to post it here for more help.
Something I have been thinking... If I do a clean install of Windows without formatting the HD, will I lose any of my data apart from the My Documents folder? For example, everything that's on the desktop is in the Documents and Settings/My account name folder. Will these go as well? Because all of my data is on the desktop, as I recently did a fresh install of Windows.
Thanks

SuperDave Malware Removal Specialist Moderator
Thanked: 571 Posts: 6,550
Certifications: List Experience: Experienced OS: Windows XP
« Reply #13 on: October 26, 2009, 07:55:34 PM »
Hi Sander. If you do a clean install I'm quite sure you will lose everything. Just sit tight and we'll figure out some way of getting logged on.

Sander Topic Starter
Posts: 29
« Reply #14 on: October 26, 2009, 08:01:34 PM »
OK, thanks for standing by, SD, I appreciate it.
The reason I am asking about an installation of Windows is because last time I installed Windows I accidentally installed it twice on the HD and both installations were present on the disk, but I am not sure if I will lose any of my data. Anyway, another thing is that I can access my data from the rescue USB, but I am not sure if I can transfer it to any other HD. It is also quite a lot of files, resulting in 200GB of space.
I am looking forward to more guidance.

Sander Topic Starter
Posts: 29
« Reply #16 on: October 26, 2009, 08:20:40 PM »
Thanks for the heads up, Karnac, completely forgot that I could infect the PC again!
edit:
However, from what I remember, only the Windows system files were infected by Virut. What I am saying is, if I transfer only my data, for example my documents/photos/movies/Application etc., of which none was infected, will that be a problem? Or is it better not to take the risk and just wait for guidance in order to disinfect the PC completely before doing anything?

Sander Topic Starter
Posts: 29
« Reply #18 on: October 26, 2009, 09:12:47 PM »
By the way, I just found out that the blue screen contains this: STOP 0x00000024
Doesn't that sound like a corrupted NTFS disk? I am not sure, but from experience, whenever someone had an error like that it had to do with the ntfs.sys files or with a corrupted NTFS disk.
However, I don't get anything about ntfs.sys, but I do get a zqbuetaxgkdt5.sys file?

Sander Topic Starter
Posts: 29
« Reply #19 on: October 27, 2009, 07:17:15 AM »
Hi, any updates on my case?

Sander Topic Starter
Posts: 29
« Reply #20 on: October 27, 2009, 03:47:05 PM »
Hi again guys.
I searched around and found a backup I made that contains some of my data, or the ones I really need, so I decided to go ahead and reformat and have a clean installation of Windows XP. I don't have any more time to waste trying to get this fixed. I know that with just a bit more patience I could fix a part of the problem with your guidance, but I can't do it anymore. Most of the times a PC got infected with any kind of virus/malware/spyware etc., I could have it up and running in less than a day even if the infection was persistent. This is something else!
Anyway, THANK you so much for your advice and guidance. Thank you Karnac, thank you harry and thank you SD for replying and trying to help me with this issue. I really appreciate it and will come back in the future if anything happens.
C ya!

Sander Topic Starter
Posts: 29
« Reply #21 on: October 27, 2009, 04:48:29 PM »
Back again! So soon!
I just want to ask you guys: I know everyone has a different opinion on these kinds of questions, but just to have an idea, I am really considering buying antivirus software for my new installation. Which one would you advise me to choose?
I used to have free antivirus, but from what I heard everyone is happy with BitDefender products. Is it true? Should I just stick to the free ones for the moment? Thanks!

SuperDave Malware Removal Specialist Moderator
Thanked: 571 Posts: 6,550
Certifications: List Experience: Experienced OS: Windows XP
« Reply #22 on: October 27, 2009, 04:49:16 PM »
Hello Sander. Sorry for the delay. I did some research about your stop error and found this link: http://cc.bingj.com/cache.aspx?q=stop+0x00000024&d=4772632121901875&mkt=en-CA&setlang=en-US&w=e360615c,d35fd91a I was going to suggest that you try to start your computer with your OS CD and do a repair. It's too bad that you lost your data.

Sander Topic Starter
Posts: 29
« Reply #23 on: October 27, 2009, 04:53:13 PM »
Hi SD!
I did try everything from my OS CD and from other CDs but nothing seemed to work. I tried recovery console, system restore etc. Anyway, everything happens for a reason; this taught me to not surf around without any protection at all and download suspicious files!

Karnac
Thanked: 211 Posts: 1,987
« Reply #24 on: October 27, 2009, 07:46:01 PM »
Sander, I have to bring this to your attention in case it's overlooked. You had Virut on your PC. Read Evilfantasy's comments on this infection here. Be certain to follow his instructions regarding banking and passwords.

SuperDave Malware Removal Specialist Moderator
Thanked: 571 Posts: 6,550
Certifications: List Experience: Experienced OS: Windows XP
« Reply #25 on: October 28, 2009, 12:03:35 PM »
Sander. Some information to use after you re-format.

Use the Secunia Software Inspector to check for out of date software.
• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Sander Topic Starter
Posts: 29
« Reply #26 on: October 28, 2009, 12:53:52 PM »
Hi,
Thank you for your advice.
By the way, is it a sure thing that Virut might have stolen any of my credentials? 'Cause I have so many passwords for so many sites. Where does it get it from? Cookies? Saved passwords for web sites? Aren't they ciphered-encrypted?
I will change as many as I can, however, just as a precaution, but is it really that bad?
Thanks!

SuperDave Malware Removal Specialist Moderator
Thanked: 571 Posts: 6,550
Certifications: List Experience: Experienced OS: Windows XP
« Reply #27 on: October 28, 2009, 08:15:14 PM »
Hi Sander. You don't have to buy any Anti-Virus programs if you don't want to. There are some free AV's that are just as good or better than the paid versions. Here are links for some of them.
• Avast Home Edition
• AVG Free Edition
• AntiVir Personal
• Microsoft Security Essentials
This last one by MS is relatively new and has some good reviews. I use Avast but I installed MSE on my laptop and it appears to be working well.

zelaw
Posts: 3
« Reply #28 on: November 17, 2009, 08:55:07 AM »
c
« Last Edit: November 19, 2009, 08:39:17 AM by zelaw »

zelaw
Posts: 3
« Reply #29 on: November 17, 2009, 09:32:38 AM »
c
« Last Edit: November 19, 2009, 08:40:01 AM by zelaw »

zelaw
Posts: 3
« Reply #30 on: November 17, 2009, 10:50:46 AM »
c
« Last Edit: November 19, 2009, 08:38:32 AM by zelaw »