Default How to fix severe virus problems?

Two days ago, Ive noticed that my computer is slowing down. Ive accesed the control managment (to be honest I don`t know how it is called on english, cause my XP is on croatian, but the keypad shortcut is AltGr + Ctrl + Del) and I saw that some installation process in going on. Before I was able to end it, the installation completed and my comp was infected.

It changed my wallpaper, deleted some icons, and locked me out of some key systems. I can`t access hard disk, control panel, control managment, or any system that could help me to realise what is wrong.

Ive run a on - demand scanner with full system scan twice, and I couldnt remove virus. First time it found 345 infected files, and cleaned 296, and second time it founded 52 infected files, and cleaned only three. One of the problems is that more than 2000 files, including some in /windows/system32/ are locked and cannot be accessed.

The “XP” is opening my internet broswers suggesting me to download some of the “antivirus programs” to clean it, but I didn`t fail on that. (the sites are “safewebnavigate.com”, “antivirus-2008.pro.com”…)
What should I do, and how can I get rid of this virus?

And microsoft has sent me “microsoft windows malicious software removal tool” via automatic updates, but it has found only one infected file… Is that program any good?

Here are some screenshots of my problem, uploaded to imageshack…

http://img300.imageshack.us/img300/3372/virusxz4.png
http://img440.imageshack.us/img440/4...jamaterxz2.png
http://img292.imageshack.us/img292/4...ectionspn2.png
http://img172.imageshack.us/img172/2107/krajam7.png
http://img135.imageshack.us/img135/3...arddiscpq8.png

All those “antivirus, and anti****” icons you can see on my background are added by virus…

I`ve forgot…
NOD has found many different versions of win32/worm, trojan downloader, you name it…
And AMON has found NewHeur_PE virus.

This is file name…
Module Object Name Threat Action User Information
9.7.2008 18:07: VIRUS ALERT! IMON file -Virus Link Removed- unknown NewHeur_PE virus NT AUTHORITY\SYSTEM

Removed Virus Link- 3xist.
(:m*)

Hey Psychozd. Welcome to the Forums!

First Download & install the following:
SUPERAntispyware Free
Malware Bytes’ Anti-Malware
Clamwin

Those links will automatically begin downloading. Once you installed all 3 apps, Download all necessary definition updates for all of the products.

Now reboot, & when your computer starts up, Keep pressing “F8” until you get to the option to choose Safe Mode (Safe Mode is a special diagnostic mode) and click on it without networking. Finally, Scan & Remove all the infections found with MalwareBytes, SUPERAntispyware, NOD32, & ClamWin. (Make sure you do full system scans & ONE at a time). Now Reboot a 2nd time normally, & re-run the scans again.

Post back after you completed those steps, Tell me how your system is :slight_smile:

Goodluck!

Mods please remove the link it is a virus. Avast detected it as Win32:Agent-ZRK [trj]

edit: since Avast 4.8 Home detected it try downloading avast and using it’s Boot Time scanner which detects viruses and malware and even spyware before windows starts up. www.avast.com

Thanks it’s been removed.

One of the things you should do on a weekly basis is to manually check and update all your security programs. I have several that I have turned of in services.msc but bring them back online if I want more options in scanning.

The last infection I had caused the screen to constantly reload, I was able to stop it by booting to safe mode and then ran malwarebytes which slopped that problem and allowed me to scan in regular mode. If you think you are infected always scan in both modes.

My disappointment is that while scanning with over a dozen different programs, that many will find something different, a few times they will find the same file but not all, No one program finds them all not even 70% (maybe 60%) when I have gotten infected.
More than just a few of the scanning tools you use, will have false positives (but scan individually that program with other anti malware programs to be safe.

Let one of the Experts in anti malware removal assist you, sometimes they will recommend a removal program that is directed towards your infection. And at one point they will recommend clearing / turning OFF Windows Restore.

I mentionded earlier about insuring you update regularly, another item many do not pay attention to is the scan settings on each scanner. I found on almost all by default are set for Quick / Smart Scan. When you have an infection make sure you set the scan for Deep / Full scan (also inside archives).
The time usually takes 2-3 times longer, so be patient.

The quick scan setting also goes for Microsofts Malicious Removal Tool and Windows Defender. The difference is that Windows Defendere works like CAVS to scan for malware and the Malicious Removal Tool scans for malware that is already active like BoClean BUT you have to start the scan, while BoClean automatically reacts.

Windows Defender even though how low it is thought of, once found an infection that the others had missed ! The Malicious removal tool is normally uninstalled on the next reboot, after the monthly Windows patch updates.

Update Update Update, have several programs available (not necessarily running), and work with an Expert in malware scanning and removal.

UncleDoug

Also be aware that most AV’s only remove the “Active” components of your infection.
And take care it won’t startup again with your computer.

A lot of virus/worm/trojan suff also changes things in your registry and on file level/security.
So if i would get infected this way i think i’d go for the backup of may important data and do a clean install from the bottom up. And as UncleDoug stated, update, update, update. Run Secunia’s PSI or Comodo’s Vulnerability analyzer to see what application’s you run that need to be updated.

Run a realtime virusscanner a firewall and do some manual scanning with others every 2 weeks or so, save the logfiles so you can go back in time later to see if some “infection” was already there, or as most of them have false positives, compare them, or look them op on google to see if it’s real.

Also i’d prefer using Firefox in combination with NoScript to disable most javascript drivebydownloads.

Looks like that the main problem is trojan-ace-x.
Adaware and spysweeper detected they but couldn`t remove it.
Is there any program that can remove this malware, virus, whatever?

Tried this?