Virus takes over csipro

My PC has been infected with one or more of the tags. PC is under control almost totally, by the bugs. The infection has survived several installs, all with formats. I am told that a format removes all data, malware can not survive.

Every protection for spyware, malware, any ware you like, has been corrupted by this “Thing”. I am at a loss of ideas on how to deal with this.

PC is a Dell Inspiron 518. Win Vista SP2, Dual Core 240Gz processors, 250Gig Hard DRV. All the updates to present.

I am not an IT techie. Just an old user. My knowledge of PCs is that of a small child … I would like some help, please. Dewey5718

Did you perform a full scan with CCE?
What did it find?

While I love Comodo very much I must say that some professionals say the detection rate of CIS is not that high and CIS is not capable of repairing infected PCs most of the time.

FIRST OF ALL, please provide details of your infection. For example, the symptoms and what makes you know that it is infected. This could assist the knowledgeable members of the forum to help you (BTW I am not knowledgeable at all 88))

You could try this:

  1. Download avast antivirus (free) from another PC. Save the setup file on a USB.

  2. Boot your infected PC into safe mode (repeatedly press F8 when booting). Install avast. Fully update the program and do a full scan. Also, do a boot time scan (avast → scan computer → boot time scan → schedule now → restart now).

  3. If avast can't be installed, don't panic. On another PC download SuperAntiSpyware (free). Save onto USB. Boot up your infected PC into safe mode (repeatedly press F8 when booting). Install SAS. Update the program. NOTE: if SAS can't be started due to virus, go to Start → SuperAntiSpyware Alternate Start (this would start up SAS with random process name – a very powerful defense against virus attack).

  4. Run a Complete scan with SAS, you could tick the Enable Rescue Scan box. Also, select all drives to scan.

Also, if you have fully reformatted your hdd and the virus still persists, it is probable that it has infected your BIOS. If so, it is a big deal and really not easy to fix. You could seek help from a technician.


This is my 2 cents.

Have the provided tips been of any help?

Not at all. This “THING” has learned to spoof all scans. It has no indication of "being" from all the programs I have used. Comodo products have done the best job. Maybe this is a clue. When I do an install, I choose repair PC. Results are shown as one result in registry. I am going to scan the OS disk just to see if there is a virus on the OS disk. The only thing left is the BIOS, or the chipset on motherboard. I am just a little better than a “newbie”, but not much. Will respond re: disk scan. Thank you and others for advice and help.

Well if it’s a rootkit we need to find out which one it is, there are several that can survive a ‘format’ of a disk.
You need to wipe it completely clean before re-installing if it’s a disk based RK.

Have you tried this?

Please try this one, boot from it and scan your whole system

As Ronny said, if the malware is on your hdd, you would probably need to do a FULL FORMAT of your hdd before reinstalling your OS. Repairing may not remove the virus.

No I have not. I will and reply soon. Thank you for the interest you have shown. That goes for all that have replied.

Sorry bout tardy. Many scans. The only thing that showed was penny ante things, like cookies.

Edit by EricJH: fixed your quote

Hello 5718Dewey

Could you please post something about the virus? For example, what led you to think there is a virus? I am sure some other forumers could give you more advice if they knew exactly what is going on.


The problems began when some young hackers got together and formed a group called Hackers forever, or it was even more dumb than that. I think it came from my Gson's PC through the wifi DSL connection I have, i.e. I am on DSL and the other three PCs in the house use wifi from my modem.

Anyway, I was able to get rid of that bunch with a logic bomb trap I found on the web.

I did wrong by assuming that all was clean, and went on my merry way. The PC started to slow down, and I was being limited in what I could do w/ PC. I went to an msn support site. They worked hard to help delete the BUG as I call it. No joy there. I was referred by them to another site.

Being stubborn, I went on MY way. Bad choice.

Malware, anti spyware, bot cleaners. All to no joy.

When the bug got ticked enough with my attempts to delete it, the bug would freeze, or black screen the PC.

I then would have to take out the CMOS battery and do another clean install.

After the second install, the bug had denied me the format. Went to the battery pull. No joy. Pulled power lead from HDD and booted. I am no techie, I didn't record what came up on my monitor, readable but Greek to me. Put the lead back on and rebooted from disk. It all began again.

I found Comodo and have progressed a little every encounter and or scan. I have some screen shots from my last 5 hour session with a very good GBuddy. I will attach them on a reply to the BOSS. Thank you all for your interest and help. Dewey :P0l

Would you mind following the advice that I give in my article on How to Know If Your Computer Is Infected and report back to us what you find?

If it comes up clean, after you do the necessary analysis (as explained in the article) then this is not a malware problem. It’s always possible that this could be hardware related or just a software incompatibility.

Also, when you say that

what exactly do you mean? Do you mean that a scanner identified a file as dangerous? If so then which scanner and what did it identify it as?

The more information we have the more we can help.


Sorry about my inept attempts to follow your instructions. Somehow the tries I have done with the instruction you gave are being interfered with by ? The first time I started the instruction, I got as far as the kill switch going to start killing or deleting bad things it had found, and the power went out in our area. Since the outage, no connection I think, I can not get CCE to download and run properly. When I try to run Kill switch it has errors in the display of things to check. Would it be possible to have a very skilled Buddy do a remote, using your instruction? I have faith in your system, but this bug does things to my PC that are hard to believe. I wish I could buy a new HDD and send the infected one to you for study.

Please don't give up on me. 5718Dewey

Hello 5718Dewey

First of all, sorry, I often can not fully understand your sentences :wink:

If English is not your mother tongue, perhaps you could write in your own language after your English version (i.e., write in English, then in your own language). I think some members may be able to read other languages (I can read simplified and traditional Chinese). That way we could better understand you :slight_smile:

Secondly, a very slow PC does not necessarily mean it is infected. It could be caused by a failing HDD, for example (especially as you have been repeatedly scanning the disk, which is an intensive task, esp. for older HDDs). Other reasons could include a fragmented disk, system errors, fragmented registry, too many temp files etc. You keep saying there is a “bad thing” and “bug” but what exactly are they? Do you mind listing out all the findings?

Additionally, if you, as the administrator of the PC, are prevented from performing a full format of your HDD (for whatever bug you have), you could download a Linux ISO and create a Linux live USB / CD. Boot your PC using the USB / CD and use it to do a FULL format of the HDD.


Did you try Killswitch?

I am still having trouble downloading CCE. Pop up, after I had tried to download CCE, that to complete download “Please delete CCE”. It has come up before when some download was being replaced by updated ver. As I watched the download I saw other programs being uninstalled as well.

I don't think anything too important is gone.

In the past as well as now I have been denied ability to: format on clean install, use of cd/dvd drv. I can do a msconfig session but am not allowed access to some feature that would remove winlogon.exe. This exe had no folder assoc. with it. Hover over it and, doing Admin Work. I can access cmd.exe but, as the last one, nothing that would harm bug is allowed. Logging on to forums my password would be more than doubled in length. In so doing I could not log in.

When I try to start stopped systems that are needed to assure no malware can get in programs or folders, I am not allowed. Not because I don't have permissions enough: "Topic, or program is denied to you." Or "not available at this time". When wanting to uninstall a program bug wants to keep, message reads "Please wait until running program is uninstalled". I had not started an uninstall at that time. Sometimes when doing a harm to bug the command black screen will pop up. Just a half second or less. The more I do to delete bug the more services are cut off from my using them. I will try to load CCE again to see what goes on.

Best Regards to You 5718Dewey

Perhaps you could try to download CCE from another PC (e.g. borrow a friend’s) and save it to a USB. And then boot your infected PC into safe mode by pressing F8 when the PC is starting (so that Windows only loads necessary files, which makes it easier to clean). And then run CCE.


Running CCE &/or Killswitch is very bad advice for an inexperienced user.
System will be dead way before any help can be provided (that was said here in the forum many times already) - dangerous!

In addition - you do not ever fight malware in Safe Mode in the 1st place.
That was discussed thousands of times. In short - that is the way malware will definitely escape … yes!

You will probably use Safe Mode, but only when & IF a certified expert tells you to, after he/she gathers certain preliminary info about your system.

To the original poster:
5718Dewey, please visit one of the dedicated forums where you can get help and be assisted by certified specialists.

If you want to know some places, please just ask.

My regards

Actually using CCE or Killswitch is advised by the CEO Melih.

Also, from my own experience of dealing with infected PCs, booting into safe mode makes it easy for the AV to remove malware.

Here is an article: