Red Icon with a White X - Can't Remove

[Amirrr]

Hello Everyone

I was surfing in a forum today when all of sudden my computer restarted. After that there was this red icon with a white “x” sayin that my computer is infected. First thing that came up to my mind was spyware so I ran a full scan using Ad-aware and another full virus scan using Avira Personal. Thinking its gonna solve the problems it actually made it worse. Now while im using the it just start restarting randomly. And also when I search something on google and the results come up. When I click on the results it goes to these pages about anti viruses and anti spywares. I really need help. I tried downloading Malwarebytes' Anti-Malware but somehow it wont let me open this program. I also wanted to burn a DVD in case I have to format my hard drive but somehow nero doesn’t open too. Its like affecting everything in my computer. I don’t want to format my hard drive because im a photographer and I have these pics on my computer that I don’t want to get erased.

[Firebytes]

If you still want to install MalwareBytes then see if this post from another thread will help you. Also, you might try installing SuperAntiSpyware as well and then run a scan in safe-mode.

You might also want to install HijackThis and then submit the log it creates to one of the forums in the links provided here to analyze it's findings.

If nothing else, do you have a restore point that you can roll back to before the infection occurred? Might be the easiest solution to try first.

Also if you get it cleared up...be sure to back those photos up somewhere just in case of future problems.

[Amirrr]

i tried installing MalwareBytes & HijackThis but as soon as i download them and click on them nothing happens. This virus/spyware or whatever it is, is stopping me from running these programs. I can't even run Nero. When i click on them the install page never shows up and nothing happens. I tried to restore my computer but it didnt help at all. I can't even open Nero and burn the photos on CD. I guess i should buy an external hard drive tomorrow as soon as stores open up. Any ideas what i can do now that neither of MalwareBytes & HijackThis open?

[Firebytes]

Rename the HijackThis executable to something else and then try to run it. Also, did you read the post from the link I gave you earlier regarding MalwareBytes? Can you run SuerAntiSpyware in safe mode? You also could try downloading and running Dr. Web CureIt. Avast AV has a boot time scan that might help but you would want to be able to uninstall Avira first before trying to install avast I would think, which might be hard to accomplish since you are already infected. Not sure any of this will help but its worth a try.

Maybe someone more knowlegeable in malware removal than me will offer some advice soon.

[JRViejo]

Amirr, like Firebytes, I was going to suggest Dr.Web CureIt! and I also suggest McAffe Stinger, but if the malware is blocking any program from opening, you might have to use someone else's computer to download the software and burn it to a disc so your PC can't tamper with it, as you try to open them.

[Firebytes]

A couple of links concerning malware removal to read through:

Major Geeks Malware Removal Guide

Bleeping Computer Malware Removal Guides

[Amirrr]

Quote:

Originally Posted by Firebytes

Rename the HijackThis executable to something else and then try to run it. Also, did you read the post from the link I gave you earlier regarding MalwareBytes? Can you run SuerAntiSpyware in safe mode? You also could try downloading and running Dr. Web CureIt. Avast AV has a boot time scan that might help but you would want to be able to uninstall Avira first before trying to install avast I would think, which might be hard to accomplish since you are already infected. Not sure any of this will help but its worth a try.

Maybe someone more knowlegeable in malware removal than me will offer some advice soon.

Thx. I read the post from the link u gave me. The thing is i didnt have a problem with installing MalwareBytes. I burnt it on a CD using another computer and it worked when i tried opening it from the CD (I couldn't open it directly from my computer). Its installed on my computer but i can't open the actual software. I haven't tried the safe mode and thats what im going to try now after this post. If it doesn't help i'm just going to find Dr.Web CureIt and give that a shot. Is there a website i can get this software from? There is no way to think about formatting the hard drive because there is no way to lose all these pictures.

Quote:

Originally Posted by JRViejo

Amirr, like Firebytes, I was going to suggest Dr.Web CureIt! and I also suggest McAffe Stinger, but if the malware is blocking any program from opening, you might have to use someone else's computer to download the software and burn it to a disc so your PC can't tamper with it, as you try to open them.

Thank U..Im gonna give Dr.Web CureIt a shot..
Can i run Dr.Web CureIt in safe mode in case it doesn't install or run on my computer?

[Firebytes]

Amirrr,

When you got the red icon with the white x stating that you were infected were you asked to download and install any certain program to "fix" the problem? If members here knew what malware you had it might help them offer a solution.

I am thinking that downloading SmitFraudFix and running it in safe-mode might be a good idea. Anyone else think so?

[Amirrr]

Tried running Malwarebytes' Anti-Malware in safe mode = No Luck..Still Wont Open

Tried changing the .exe names in the folder= No Luck...Gives me this Run Time Error:0

Tried installing HiJackthis in Safe Mode= Worked but still wont open in safe mode

Tried opening HiJackthis in Widows Mode= No Luck..The program doesn't run

to be honest i have no idea what i shoud do right now. And my computer keeps restarting like every 20 min. And i can't open half the programs on my computer. And when i search for something on google these weird pages open up instead of the original webpages.


Firebytes's: No i didnt install anything when i got the error msg.

[Amirrr]

ok finally this HijackThis thing worked...here is the log but i got this error in the middle i dont know if its gonna effect the log. Here is the picture of the error

http://i37.tinypic.com/29m0ums.jpg

~HijackThis log removed~

[Firebytes]

amirrr,

HijackThis logs are no longer allowed here at Wilders and I am sure it will soon be removed. However, now that you have been able to generate a HJT log you can submit it to one of the sites linked to near the bottom of this post for assistance.

I think SmitFraudFix may be your answer but you might be better off waiting for assistance with the HJT log at one of the support sites. If you do want to read up on SmitFraudFix here is the link.

[Firebytes]

If you want to you can copy and paste the log into this website for an automated analysis, just to get an idea of what you might have, until you get an answer from a real analyst at one of the sites I linked you to in the post above.

[snapdragin]

Hi Amirrr - Firebytes is correct, Wilderssecurity no longer analyses Hijackthis logs, thus I've removed your log. Please see our policy (link below) regarding HjackThis logs and recommended forums that you can go to for one on one malware cleaning assistance.

http://www.wilderssecurity.com/showthread.php?t=42148

[Amirrr]

Oh sorry about..first time posting here

i copy & pasted the log into this website and the following files came up as exteremly nasty

sysrest32.exe
svchost.exeO4
brastk.exe
brastk.exe
AppInit_DLLs: karna.dat

how do i get rid of these files? i searched for brastk and its an virus and i need a software called KillBox to delete it. I tried downloading it but can't open the file. It wont let me install the software.

[snowbound]

Quote:

Originally Posted by Amirrr

Oh sorry about..first time posting here

i copy & pasted the log into this website and the following files came up as exteremly nasty

sysrest32.exe
svchost.exeO4
brastk.exe
brastk.exe
AppInit_DLLs: karna.dat

how do i get rid of these files? i searched for brastk and its an virus and i need a software called KillBox to delete it. I tried downloading it but can't open the file. It wont let me install the software.

Amirrr,

It's much safer to let a HJT expert help u remove this possible malware. It can be complex and if u try to remove yourself, and it's not done properly, there is potential to damage your system further.

If u would like, follow the instructions and post a log over at this site,

http://forum.gladiator-antivirus.com...howtopic=10517

The experts there will give u recommendations and guide u through the cleaning process.



snowbound

[Tarq57]

The only experience I've got of this little bu@@er is reading of others adventures with it here.This thread runs to over 3 pages. A link within suggests a removal tool here. Might be worth a shot. Good luck.