Hello all,
I am a newbie to these tech support forums, so bear with me (I can usually remove malware on my own with a bit of help from Google!)...
After trying to set up a plug-in for Nero (at least I presume that's what it was, as that's when the trouble started), my system was infected with Vista Antivirus2008, a clone of the Antivirus2008 malware, so I believe. My system has Spybot running in the background (and Bitdefender), and so those stopped the vast majority of dodgy registry entries being made pointing to the malware and the numerous trojans associated with it.
The VAV program has done the following to my system:-
- Disabled viewing of all Local hard drives from Explorer (although still accessible from typing the disc root into the address bar)... I have fixed this by installing Windows SteadyState onto the system.
- Disabled access to the registry, stating "Access to the registry has been disabled by the administrator", even though I am the administrator!... This was again fixed by SteadyState.
- Disabled the Task manager: Error message "The task manager has been disabled by the administrator" was shown, so I couldn't kill off the trojan's processes... I think this has been fixed by SteadyState.
- XP Start Menu altered: No 'log off' button, no 'programs' button, no list of recently used programs, no access to Internet Explorer or Control Panel or the vast majority of links which used to be on the start menu. The programs menu is a lot smaller than it used to be. I NEED HELP FIXING THIS!!
- Disabled access to Internet: I can only access the internet using Safe Mode With Networking from the F8 boot menu, otherwise access on all ports has been blocked. I have just remembered whilst typing that I did stop all Internet traffic with Bitdefender as soon as I realised the trojans were trying to install malware on the PC, so I will check that isn't the cause of this issue - but otherwise I will need help on this too.
- Vista Antivirus software installed on system and associated DLLs installed but now protected. shlwapi.dll and wininet.dll are associated with the trojan/virus/malware and cannot be deleted even though I cannot find the associated registry keys which may be protecting these, and these processes are not running in the background. I need help removing these traces of the malware.
I think more than anything else, I'm hacked off that I scanned the original suspect file with my antivirus before I opened it, and I still got the virus on the system!
I think I have managed to block the bulk of damage being done to the system, but I've spent the last 8 hours trying to remove and undo as much as I can (with the help of a registered version of SpyHunter). I need help getting the start menu back to how it was, deleting the DLLs, and possibly restoring Internet access. Any help will be appreciated.
I have logfiles of "main.txt" and "extra.txt" ready to paste in should they be needed.
I'm off to bed - so thanks in advance for any support.