I had read all the threads regarding this nasty and I have made some progress but now I am stuck.
I have a HP Pavilion 775y desktop, 2 megs ram
I am running windows XP

Earlier today I used system restore by using command.com which allowed me to access the internet and my icons reappeared but I still cannot run anything. Upon booting I get an error that Rundll32.exe was not found. Nothing loads into my tray either.

I don't know what to try at this point.

Get the malwarebytes anti malware program, then rename it with a .com ext instead of exe. Then it will run, do a scan and it will get rid of all the messed up registry stuff thats causing redirects.

If that does not work, do the same ext rename with Hijackthis program. Good luck, this one really pissed me off.

In the Malwarebyte folder there is an application named mbam. If I R-click that ap then select properties, under the program tab there is a MSDOS logo with a box next to it that currently has mbam.exe in it. Below that, after Cmd line is another box with the command line which ends in mbam.exe. Is this what needs to be changed?

In the Malwarebyte folder there is an application named mbam. If I R-click that ap then select properties, under the program tab there is a MSDOS logo with a box next to it that currently has mbam.exe in it. Below that, after Cmd line is another box with the command line which ends in mbam.exe. Is this what needs to be changed?

. Ijust r clicked and changed it on desktop with rename

Renaming it in that way had no effect for me. Same problem - I get the Open With box. Anyone else have ideas? I'm desperate.

I'm off to work, will check back tomorrow.

Renaming it in that way had no effect for me. Same problem - I get the Open With box. Anyone else have ideas? I'm desperate.

First, Rename mbam.exe to zappa.com
See if it will run.
If so, please have it remove all that it finds and post the log for us.


If it does not run, you can try the following, but it is strictly a "Run At Your Own Risk!" proposition:

* Download KILLBAD.zip and EXTRACT the KILLBAD folder to your C:\ Drive
* Use START > RUN >Command.com to get a command prompt

* TYPE C:\KILLBAD\KILLBAD.bat ENTER

* If the tool is able to run, a log should eventually pop up in notepad.
Please post that for us.

Then, try running MBA-M again.

Best Luck :)
PP

New linky for KILLBAD.zip

KILLBAD.zip

You might be able to run it by navigating to C:\KILLBAD\KILLBAD.bat and DoubleClicking the .bat file - that ought to work.

PP :)

Here's hoping you can get this to run....

As it turns out, this infection is major nasty! My simple little batch ain't gonna do it, lol!
Looks like there are some serious rootkit components to this and our best bet would be to get combofix to run. Generally, when I see baddies such as this, I advise a reformat because of the nature of the rootkit beast.
However, if you'd like to give cleaning this a shot, we can try to get combofix to run.
To do that, we'll need to take a different tack.

If you'd like to continue, please do the following:

Please Download Win32kDiag and save it to your Desktop.

http://ad13.geekstogo.com/Win32kDiag.exe
http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe

-- DoubleClick on Win32kDiag.exe to run it. Let it run for as long as it needs to.
-- When it says Finished – Press any key to exit, do that to exit the program.
-- You should now have a Win32kDiag.txt on your Desktop. Please post the entire log for me and we’ll go from there.

I will check back as soon as time permits.

Cheers :)
PP

I tried everything up to your last suggestion to no avail.
I downloaded win32diag but because it's an .exe I cannot run it.

I tried everything up to your last suggestion to no avail.
I downloaded win32diag but because it's an .exe I cannot run it.

Can your rename it to Win32kDiag.com and try that?

PP :)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.