You can laugh at me for asking this but what exactly is an .exe file? Are any of the icons in that I image I posted in post #35 an .exe file?
The one name mbam on the left is the exe you want to rename, but like I said, did nuthin' for me. I'm giving up, using a flash drive to back up what files I can before restoring.
A lot of times malware will disable all programs from running. When this happens and I can't boot into safe mode I usually take out the hard drive and connect it to another computer. Boot up the other computer and run spyware scanner on the hard drive from there.
I don't have the time to read through the thread. But here's what I generally do for customer's computers: 1. Install Code Stuff Starter (google it...it's free). If you can't do anything in windows because of the malware, boot up in Safe Mode and install it. Basically, Code Stuff Starter will give you the option of stopping any processes you don't want running on boot up, sort of an easy way to make sure it all stops. 2. Malwarebytes, or superantispyware. All though for the most part I use malwarebytes. 3. I try using NTT (norton technician tool kit)......if all else fails.
If that's the case, I do highly recommend purchasing an adapter to attach your hd like an external drive.
I broke my own rule of not dealing with spyware/malware without giving reinstalling windows as the solution more than an hour into the process. 2 friends called me to come over and look at it, I think it was the same Security Tools thing, I finally, 7 hours later, told them it was hopeless. At that point, I don't even think the disc was booting to windows anymore. The next 3 hours were spent finding a Windows 95,98, Me, or 2000 disk, so we could use the Windows XP Pro Upgrade disc they had. Fun times though, I got through 3/4 of Band of Brothers while sitting around trying to fix the computer.
okay guize...i got this same virus from reading the bbs....it was easy to take off though....here are the steps -restart your computer in safe mode and run HijackThis....delete any unknown registry files that HijackThis lists -go to C:\Documents and Settings\Your Name\Application Data and delete the folder with the virus...it should be pretty easy to spot do all of this is safe mode and then restart your computer....easy stuff
Weird, I also got the virus today morning after only surfing on the BBS. Gave me something to do for the first hour of work! To get rid of it, I just restarted me pc, and right after it loaded up, I quickly went to task manager and ended the process (mine was mscqsysguard.exe). From there I was able to run both spybot and malwarebytes fine.
Can these viruses disable 'safe mode' on Windows? I've tried three different times to load my PC hitting F8 just once during boot up, continuously and pressing-and-holding......nothing.
This is a dirty little bug.. It gave me hell a couple months ago. Thankfully, I was able to fix it without formatting my computer.
A lot of Malware now corrupts the safeboot registry key that disables booting in safe mode. http://blog.didierstevens.com/2007/02/19/restoring-safe-mode-with-a-reg-file/ A very detailed site on removing all types of spyware. http://www.michaelhorowitz.com/removespyware.html
This works. I've had this virus twice before. 1. Reboot 2. Immediately open Task Manager when you log back in (ctrl alt del). Make sure you do it before the virus kicks in or else it will not let you open Task Manager. 3. Kill the process/program that the virus is running 4. Run Malwarebytes 5. All good in the hood
Restoring wasn't too bad (forgot my computer had a redundant drive to put all my stuff on). Installed Avast and Malwarebytes. Hope to God this never happens again.
