
Author Topic: Serious malware infection - "your system is infected!"- No internet or safe mode  (Read 15807 times)


Sander

    Topic Starter


    Rookie

    Hi there,

    I'm here because of a malware infection I just got on my PC. I am kind of experienced with old malware/spyware etc., but this is something completely different. I've never seen anything like it before - maybe because it's been a long time that I've been free of viruses and mal-spyware.

    Anyway, it goes like this. (My description of the problem might not be 100% accurate because I am currently away from the infected PC due to network problems, but I am sure you will understand what it's about.)

    I was browsing through some pages and playing online poker at the same time (I believe that has nothing to do with the infection, but stated anyway), and I also unzipped a file I downloaded from a not so formal website and executed an .exe file which was a self-extracting archive which, instead of including a program I was looking for, had an adult movie in it... Minutes after the extraction I got 3 shortcuts to adult websites on my desktop and started getting error messages that said "application cannot be executed! The file is infected". Then I got an icon popping up antivirus warnings etc. I also tried to access Task Manager, which I couldn't due to an error saying that the Task Manager was disabled by the administrator.

    The malware seems to not be letting me run any .exe's, as I tried every single anti-malware and spyware tool I had, like Malwarebytes Anti-Malware, Spyware Doctor and so on.

    When I restarted I got a blue background with a black box in the middle saying:

    "YOUR SYSTEM IS INFECTED - System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spyware removal tool to prevent data loss. Do not use the computer before all spyware removed."


    Then I had no internet connectivity, even from any other laptop or PC on my network.

    I tried to go into safe mode, but a blue screen appears just before Windows loads into safe mode and the PC restarts, both in safe mode with networking and without.

    The only program I managed to run was Spybot, which found several infections including Virtumonde, which I have seen before. I removed all of the infections but the problem still remains.

    After I restarted again for Spybot to complete the removal, I also started getting errors about the Windows logon UI and WMI.


    I googled everything and have been searching for answers for almost 4 hours now without getting to a source I can really get something from, and also getting an overload of information, and that's why I came to you, as I can see you helped some cases similar to mine.

    Thank you in advance for your help, which is much appreciated.


    Forgot to say, I didn't have any kind of antivirus running on my system, as I recently had a clean installation of Windows XP Service Pack 3. Only the Nvidia firewall was running.

    Karnac



      Specialist

      Thanked: 211
      Welcome to CH,

      Please go here and follow the directions in order and post the three required logs for Evilfantasy or another malware specialist to review.
      « Last Edit: October 26, 2009, 07:06:35 AM by Karnac »


      Never argue with a stupid person, they'll drag you down to their level and beat you with experience.

      Sander


        I am trying to run anything but nothing works... Windows won't even load sometimes. I am currently running an AVG scan as the first step, but I am getting something not so usual. I am getting Windows files and program files I have on my PC as infections of Win32/Virut. ?? For example, I am getting that explorer.exe and drwtsn.exe and notepad.exe and many more are infected by this virus and some other trojans...

        Should I remove all of the infections after the scan, or is it the malware that makes everything seem infected so I will remove system files?

        As soon as the scan finishes I will also post a log.

        Thank you again

        Sander


          Update :

          AVG scan finished and removed anything AVG thought had to be removed, and when I restarted I got a blue screen just as Windows was loading. The blue screen technical information includes:

          zgbuetaxgkdt5.sys - Address B21A4422 base at B2199000, DateStamp 4ae2cb07

          I can't boot into Windows or safe mode due to this error.
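
Added example, not part of the original thread: the module line quoted from the STOP screen in the post above can be triaged offline. This Python sketch parses that line, computes the faulting offset inside the driver image, and decodes DateStamp as the PE link timestamp (seconds since the Unix epoch); the function name and the regex are this example's own.

```python
import re
from datetime import datetime, timezone

# Layout of the module line, as quoted from the STOP screen in the post above.
MODULE_LINE = re.compile(
    r"(?P<module>\S+\.sys)\s*-\s*Address\s+(?P<addr>[0-9A-F]{8})\s+"
    r"base at\s+(?P<base>[0-9A-F]{8}),\s*DateStamp\s+(?P<stamp>[0-9A-F]{8})",
    re.IGNORECASE,
)

def parse_stop_module_line(line):
    """Return driver name, fault offset and build time, or None if no match."""
    m = MODULE_LINE.search(line)
    if m is None:
        return None
    addr, base, stamp = (int(m[k], 16) for k in ("addr", "base", "stamp"))
    if addr < base:
        raise ValueError("fault address lies below the module base")
    return {
        "module": m["module"],
        # Offset of the faulting instruction inside the driver image; it stays
        # the same across reboots even when the load address changes.
        "offset": addr - base,
        # PE header TimeDateStamp. It is set by the linker and easily forged,
        # so treat it as a hint, not proof.
        "built_utc": datetime.fromtimestamp(stamp, tz=timezone.utc),
    }

if __name__ == "__main__":
    line = "zgbuetaxgkdt5.sys - Address B21A4422 base at B2199000, DateStamp 4ae2cb07"
    info = parse_stop_module_line(line)
    print(f"{info['module']}: fault at +0x{info['offset']:X}, "
          f"built {info['built_utc']:%Y-%m-%d %H:%M:%S} UTC")
```

For the line in the post this gives offset 0xB422 and a link time of 2009-10-24 09:38:15 UTC, two days before the October 26, 2009 edit stamp on the first reply.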

          Sander


            OK, I am really going crazy here. I tried everything!

            As I said in my previous post, I can't log on to Windows in any way. So I thought I could try to access the hard disk from another HD I have on my PC, which is formatted to ext3 as I had Debian Linux installed on it.

            However, because I couldn't mount the NTFS HD that has my infected Windows XP copy from Linux, I wiped the hard drive using GParted Live and tried to format it to NTFS.

            An error came up and now I can't find the HD anywhere! It's gone. I unplugged and plugged the HD in again but nothing seems to happen.

            It's like some force doesn't want me to get this fixed!

            Please, any guidance would be greatly appreciated.

            Thanks again

            Edit:

            Just to make this clear enough:

            I have two HDs on my PC:

            One with the infected copy of Windows XP and one formatted to ext3, which had a copy of Debian Linux, which I just tried to format to NTFS.

            Now, after GParted failed, I can only access the NTFS HD.

            Sander


              I do, however, understand that logs are needed for you guys to help me with anything, but as you can see I can't get any logs without logging into Windows. Any guidance to enable myself to log in to Windows without losing any of my data, or to back up my data in any way without logging in to Windows, would be greatly appreciated.

              harry 48



                Egghead

              • lay back , relax and chill out
              • Thanked: 129
                • Yes
                • Yes
                • Yes
                • Dribbling Pensioner
              • Certifications: List
              • Experience: Familiar
              • OS: Windows 7
              Please don't do anything else. You should have done what Karnac said and left it at that. Go to a clean PC and download everything from Karnac's link to a memory stick or similar, and see if it will run on your PC and if you can get the logs and post them here. harry

              Sander


                Hi harry and thanks for the reply.

                As you can see from my posts, I did try to follow the steps Karnac gave me, but after the virus scan I can't log in to Windows. So I can't run any of the programs stated in the steps. I'm looking for a way to log in to Windows but can't find one. That's where I need help first, before anything else.

                I tried safe modes, I tried Last Known Good Configuration. I tried everything but can't log in to Windows, as I get a blue screen every single time I reboot.

                harry 48



                I could be wrong :'( but if you run them from a memory stick you don't need to log into Windows. Read below:

                http://www.computerhope.com/issues/ch001141.htm

                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Hello Sander and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your replies. Let's try this:
                Go to this link to create a Rescue CD or to this site to create a Rescue USB. Carefully follow all the instructions for whichever method you choose.
                Please let me know if you log onto your computer after this.
                Windows 8 and Windows 10 dual boot with two SSD's

                harry 48



                Great to see you on board, Dave.

                Sander


                  Hi SD!

                  Thank you so much for replying!

                  I'm working with Rescue now and will post the result in a few minutes.

                  Sander


                    The BitDefender scan has just finished, finding 48 infections, which included files from the windows/system32 folder like tzchange.exe and many more files that I think are crucial Windows files. I chose the option disinfect for every one of these files and delete for the rest of them.

                    Neither worked for 42 of them, and I can't save the log anywhere to post it here as well. I didn't choose the delete option for the system32 files because I think they are needed by Windows.

                    When I restarted after the scan finished I get the blue screen again as I did before.

                    I can't understand what's happening. And I don't know if there's any way to get the log out of the bootable USB to post it here for more help.

                    Something I have been thinking... If I do a clean install of Windows without formatting the HD, will I lose any of my data apart from the My Documents folder? For example, everything that's on the desktop is in the Documents and Settings/My account name folder. Will these go as well? Because all of my data is on the desktop, as I recently did a fresh install of Windows.

                    Thanks

                    SuperDave

                    Hi Sander. If you do a clean install I'm quite sure you will lose everything. Just sit tight and we'll figure out some way of getting logged on.

                    Sander


                      OK, thanks for standing by, SD, I appreciate it.

                      The reason I am asking for an installation of Windows is because last time I installed Windows I accidentally installed it twice on the HD and both installations were present on the disk, but I am not sure if I will lose any of my data. Anyway, another thing is that I can access my data from the rescue USB, but I am not sure if I can transfer it to any other HD. It is also quite a lot of files, amounting to 200GB of space.

                      I am looking forward to more guidance.