Urgent the live support always disconnected

I am a customer of your product, Comodo Internet Security Pro.

I find my laptop was infected by a very bad virus. So, I have tried to

contact you by the live support. However, it cannot work. I think the

virus block me to connect the live support.

I du need your help to sort out this problem!

My user name is monkiw027

Best regards,

Huang

Ps. I have logged some info for this virus:

The virus modified a registry value
HKLM\software\microsfot\windows NT\currentversion\windows\appinit_dlls

Meanwhile the virus jnjected some modules into following process:

svchost PID 1118 parent pid 608 eprocess 0x8949F020
and then report host process for windows services stopped working and

was closed
C:\Windows\System32\wbem\WinMgmtR.dll
C:\Windows\System32\winlogon.exe
C:\Windows\System32\drivers\luafv.sys
C:\Windows\System32\drivers\fltMgr.sys
C:\Windows\System32\ci.dll
C:\Windows\System32\PSHED.DLL
C:\Windows\System32\qmgr.dll
C:\Windows\System32\tbssvc.dll
C:\Windows\System32\diagperf.dll
C:\Windows\System32\tquery.dll
C:\Windows\System32\dps.dll
C:\Windows\System32\emdmgmt.dll
C:\Windows\System32\schedsvc.dll
C:\Windows\System32\wlansvc.dll
C:\Windows\System32\adtschema.dll
C:\Windows\System32\radardt.dll
C:\Windows\System32\gpsvc.dll
C:\Windows\System32\profsvc.dll
C:\Windows\System32\wevtapi.dll

Once I remove the above module from the svchost, then it displayed

some new injected modules listed at below
C:\Windows\System32\services.exe
C:\Windows\System32\wuaueng.dll
C:\Windows\System32\tbssvc.dll
C:\Windows\System32\winlogon.exe
C:\Windows\System32\wbem\WinMgmtR.dll

This virus even can injected modules under Windows’s safe module

smss.exe pid 460 parent pid 4 eprocess 0x86EC6D90
C:\Windows\System32\smss.exe
base 0x475c000 size 0x00012000

I also find the virus injected module into microsoft MSE
msseces.exe 2176 3664 0x8980A020
C:\Program Files\Microsoft Security Essentials\MsMpRes.dll

If I launched chrome, then it will injected en-GB.dll into chrome.exe

C:\Users\myname\AppData\Local\Google\Chrome\Application\5.0.375.70

\Locales\en-GB.dll

Last but ont least, the virus create a polluted file

(MountPointManagerRemoteDatabase) under the directory of

C:Systemvolume Information

It also injected virus into C:\windows\CSC\v2.0.6 follwing

directories, such as namespace and temp

The worst thing is the virus create bad clusters on my hard drive and

also probably wrote virus info into the MBR

I recommend downloading dr.web livecd on another computer burning it to a cd and running that to clean things out. ftp://ftp.drweb.com/pub/drweb/livecd/minDrWebLiveCD-5.0.3.iso

Can you still access the internet from this computer?

If you can then you can give Hitman Pro:

a shot. Although I’m not sure if programs such as this can run on a computer this infected.

Try Dr. Web and see if it can clean up your computer enough for ordinary antimalware aplications to instlall.

Then see this guide:
What You Need To Know About Removing Infections and Securing Your Computer

I cannot access the ftp site as it shows invalid.

try here http://www.freedrweb.com/livecd/?lng=en or here http://www.softpedia.com/get/Antivirus/Dr-Web-LiveCD.shtml

It is funny. I had downloaded the Hitman pro twice on my hard drive. They are both dispeared after the downloading.

Now, my live support totally cannot work!

your infected with something that is blocking hitman pro and live support. you need to use a bootable cd to clean it.

Create it on another computer if you can. I don’t think it’ll work on yours.

Finally, I successfully scan my laptop with Hitman, but fiind noihing. Meanwhile, I find service.exe tried to modified the registry value of Hitman

Which kind og bootable CD?

I don’t understand the question.

This kind.

Please clarify what you’re asking for, because you’ve got me confused. ??? (See)