Problem with System Fix virus

  onthelimit1 18:23 08 Dec 2011

Second PC in two days infected with this virus. First one was cleared using the Bleepingcomputer guide. On the second one, rkill and TDSSKiller run OK, but I can't install MBAM -'could not complete the operation' etc. I'm logged in as Administarator in Safe Mode.

Any ideas, please?

  birdface 18:24 08 Dec 2011

Try this in safe mode.

  onthelimit1 18:47 08 Dec 2011

Thanks buteman -I've already tried hitman and the Trendmicro online scans 9sorry, I should have mentioned that in my first post). They both found problems, but infection still there after re-boot. I've also tried renaming the MBAM file, but that didn't work either. This seems a particularly difficult bug!

  birdface 18:50 08 Dec 2011

Now not sure how you do it nowadays but you used to be able to switch users in safe mode and connect to the computer administrator and you would be able to download Malwarebytes from there.

Not sure if you can still do it now or not.

  birdface 18:53 08 Dec 2011

Try going into I/E .internet options.Connections.Lan Settings and if there is anything on use proxy server untick it and see if you can download Mbam then.

  onthelimit1 18:55 08 Dec 2011

No, not ticked. I can download MBAM, but at the end of the setup phase, it stops with an access denied message. Clicking OK just rolls back the installation.

  Fruit Bat /\0/\ 19:33 08 Dec 2011

Start- Run (search box) type devmgmt.msc and click OK

On the View menu - Show hidden devices Browse to Non-Plug and Play Drivers and you should see something like

TDSSspax.sys TDSSServ.sys gaopdxserv.sys UACmxegjtve.sys

Highlight the drivers and right click and select DISABLE - NOT uninstall.

Now RESTART your computer.

Download a copy of Malwarebytes or if you already have the install file but DO NOT run it yet.

Rename the downloaded installer file to any generic name such as your own name but keep the .EXE extension on the file and run it.

Once the program is installed go to the UPDATE tab and try to update the program if you can.

Then run a Quick Scan and allow MBAM to fix everything found.

  onthelimit1 19:50 08 Dec 2011

Thanks FB - in the middle of running Combofix at the mo. Will reporty back!

  baldydave 20:11 08 Dec 2011

Hi, If you still have problems then try the software below. Use a good pc to download and install program/this then downloads antivirus and antivirus signatures from microsoft/it then burns this to a cd or dvd. Go into the bios (del or f2 normally) and set pc to boot from cd.The cd will start and remove all of the problems as windows will not be running. Hope this helps, Dave

  onthelimit1 20:16 08 Dec 2011

Thanks all, but so far so good - Combofix has finished its run, and MBAM has now installed and is running. Shall report back in due course (this is a nasty little beggar).

  onthelimit1 09:00 09 Dec 2011

OK, PC now boots normally with no sign of the virus. All folders are available again.

BUT - the desktop has no icons visible. Right clicking the desktop does not produce the usual drop-down menu where 'arrange icons' can normally be seen. Further thoughts please (I wondered about a system restore, but that had been turned off sometime during the procedure).

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Huawei MateBook X Pro review

8 digital brands that designed custom typefaces to save millions

How to speed up a slow Mac

Comment résoudre des problèmes d’impressions ?