Hello All,

I am having similar problems to the recently solved thread of Kevin's. I have been using my PC at home and seemed to work great except for it being a little slow. I moved back to school yesterday set up my PC, hooked up to the internet started my computer and windows police pro popped up. I was still able to connect the internet and run programs. Seemed fishy so i turned my PC off and looked everything up on my ipod. Found kevins thread. I started up my PC again this morning and nothing worked. All my AV, Ad-aware is disabled with the error message saying the .exe files are corrupted. I attempted to start up in Safemode but get a list of stuff about my drivers. PC never getting to the desktop, after the list is displayed my computer restarts. Am I totally screwed?

I am still able to open my task manager in normal mode if that helps.

I am currently on a university computer. But am able to use my ipod to check for your updates on how to resolve this issue.

Question! For mba-m and flash drives. I have ton of important class information on my flash drive. If i download MBA-M on my flash drive do i have any risk of corrupting the data that already exists on my flash drive when i go to transfer MBA-M to the infected computer?

I am running windows xp, I still can not enter safe mode , once I choose safemode a long list of files from system 32 appear and then the comp restarts, I am then returned to the prompt telling me that hardware or software is not allowing me to start in safe mode because of system failure. If I choose last known good config I start in normal once again but with the same desire.exe poop ups and wop. There is an option to disable auto restart on system fail but am not sure what thy actually does . Please help me out I need this comp for school. I am not posting from my pc but my iPod. Sometimes I can access the Internet, on my pc, should I dl mbam to my of or use a flash drive to transfer it over ? I appologize for any spelling mistakes these iPod key boards are so small!

I managed to access the internet by right clicking on the disabled firewall icon and clicking on "go to microsoft security". I had explained what happens when I attempt to restart in safe mode. I had managed to get a picture of my screen with my cell phone. I uploaded it to imageshack.

http://img228.imageshack.us/img228/9...entaspxodl.jpg

I dont understand what is happening with my drivers. I will attempt again to get a better picture of the end of the paths. I have also downloaded MBA-M but cant installed it yet. I feel like running it in normal mode is pointless and might make more work for me later. I am really not sure

I am not sure that you have the same infection as the others. Sounds like you have a bigger mess going on....

If you are able to install MBA-M, try this:

First, Rename mbam.exe to zappa.com
See if it will run.
If so, please have it remove all that it finds and post the log for us.


If it does not run, you can try the following, but it is strictly a "Run At Your Own Risk!" proposition:

* Download KILLBAD.zip and EXTRACT the KILLBAD folder to your C:\ Drive
* Use START > RUN >Command.com to get a command prompt

* TYPE C:\KILLBAD\KILLBAD.bat ENTER

* If the tool is able to run, a log should eventually pop up in notepad.
Please post that for us.

-- I gotta say, though, it sounds like you have a larger issue at play and I am not sure this would be the best idea...

Best Luck
PP

New linky for KILLBAD.zip

KILLBAD.zip

You might be able to run it by navigating to C:\KILLBAD\KILLBAD.bat and DoubleClicking the .bat file - that ought to work.

PP

I have not yet tried to rename the mbam.exe yet, but does it seem like i might have to reformat? What things could happen if i were to run the killbad.zip? I feel like my drivers might have not been updated correctly. Steam had asked me a while back to update my drivers which was kinda wierd. I did what valve asked but it kinda screwed some stuff up. Do you think that might have to do with anything? I need to reformat anyways i havent in like 2 years so i feel its time. Do you think that it might be best if i were to just do that instead of try to save my PC?

Well . . . If you are going to format anyway, there is probably no harm in trying the other options first.
Try renaming mbam.exe first.

Killbad probably won't do any harm.

Let us know how you want to proceed....

PP

As it turns out, this infection is a real pain in the ass! My simple little batch ain't gonna do it, lol!

Looks like there are some serious rootkit components to this.
Generally, when I see baddies such as this, I advise a reformat because of the nature of the rootkit beast.
However, if you'd like to give cleaning this a shot, we can try to get combofix to run.
To do that, we'll need to take a different tack.

If you'd like to continue, please do the following:

Please Download Win32kDiag and save it to your Desktop.

• http://ad13.geekstogo.com/Win32kDiag.exe
• http://download.bleepingcomputer.com...Win32kDiag.exe

-- DoubleClick on Win32kDiag.exe to run it. Let it run for as long as it needs to.
-- When it says Finished – Press any key to exit, do that to exit the program.
-- You should now have a Win32kDiag.txt on your Desktop. Please post the entire log for me and we’ll go from there.

I will check back as soon as time permits.

Cheers
PP

I ran the Win32kdiag. I let it run for a while came back and all my icons and start menu were gone. I restarted and this is the only entire into the log:

Log file is located at: C:\Documents and Settings\Talis Lazdins\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Cannot access: C:\WINDOWS\system32\drivers\dgje3e7.sys

I will try again to see if i can get it to work?

Yes - try that.

Delete your copy of Win32kDiag and then download a fresh copy and try it again.

PP