Hello,

I have a huge issue with my desktop computer, I have some sort of virus, or something like it, here are the symptoms I got:

Will not load at times at all
On lonong page I get several different notifications, winlogon.exe application error, visuall C++ library errors (also winlogon.exerelated) and more
if i can actually logon, usually I have no desktop items (sometimes I got them for a few minutes or so) I can access the taskmanager, but no internet at all, so cant do any online virus scans
cannot access my own virus program, tells me not enough memory to run, same goes for firefox, wont open
error messages regarding low virtual memory
it is the same in safemode as well, I do NOT have the recovery cd, but have recovery console installed, oh sytem reset to a previous date also not possible, the calendar in there comes up blank
Constant automatic shut downs due to system failure

Please please someone help me, can you tell me what virus that is, please help me save some of my babies pics at least, tell me how!!!

I am desperate and at my wits end, I cant keep using the old laptop I am on right now, it crawls along!!

Thank you for helping, I appreciate it

little update: I was able now to access the internet in safemode, it did not let me run even the mocrosoft malware removal tool, please someone help me, i am really desperate!!!

This really sounds more like a software / hardware issue but I'll try to help.

Do you have access to a computer other then the one you're having trouble with?
If so, do you have a thumb drive to transfer files back and forth?

yes i have access to another computer, thumbdrive not sure, give me a minute to look, thanks for helping me!!!

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer if needed.


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.


Download ComboFix from one of these locations:

Link 1
Link 2


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

• Drag the setup package onto ComboFix.exe and drop it.
  
  
• Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  
  
  
  
  
  
• At the next prompt, click 'Yes' to run the full ComboFix scan.
  
  
• When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt in your next reply using Copy/Paste.


Notes:

Give it atleast 20-30 minutes to finish if needed.

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Also please describe how your computer behaves in your next reply.

sorry for the delay, i have 2 little kids, found a thumbdrive

i do have the recovery console already installed, do I still need to take this step then, and in which mode do you want me to run the infected computer? I know already that I cannot disable the virus protection, because it wont even let me into that, and it does not come up during startup anymore, disabled that yesterday on the advice of microsoft support (waiting for their level 2 tech to call me in the next 4-6 days- I dont trust them though)

No on the recovery console then. If you can't disable the anti-virus program, just keep going on.

how do I get the files from the download section of firefox onto the thumbdrive?

Select Save As and select whatever drive your thumbdrive is or save it to your desktop and after downloaded copy them to the thumbdrive

sorry i am having some cable issues here, keeps going out, also I still could not figure out how to safe the file to the thumbdrive, it does not give me the option safe as

When you click on the download link it should pop-up a window that shows Save Run, select Save. When the download starts you should be able to save it where you want.

so when u say combifix is shutting down all usb devices, does that include my mouse and keyboard too, both usb

i got it on the thumbdrive, trying to start it through task manager, so far no luck, i am in normal mode, do you think safemode is better?

ok so now when I do the new task (run) on the combofix a little window appears with what seems to be a space to type in it, and the words combofix on the top, that is it though, nothing to click on or anything same think happens too when I try to start it directly from the thumbdrive, going to restart the computer now in safe mode, maybe that works then

This post has been edited by frankab: Sep 17 2009, 06:28 PM