Virus won't let me log in

imported_Imp

Diamond Member
Dec 20, 2005
9,148
0
0
Need help. Posting from my PS3.

It was not a pron site fyi. It was an emo forum:(.

So I got infected through Google cache. Anti-vir caught something, but before I could delete it, the vir turned off AV and firewall. I opened task man. and saw at least 3 suspect processes that I then ended. Then I made a huge error by restarting before using Malwarebytes.

Now I cannot log back into Windows in normal or safemode. It says win needs to be activated first. If I click no, it goes to the login screen. If I click yes, it goes to desktop for a minute before logging out. Note that the desktop is not usable because it's not done loading and will not accept input or show the taskbar. Any ideas how to log in?

I saw process mxsh? and txh.exe? I have most personal files in second partition but did not back up some iTunes and pictures on the Windows part. I can bitch to iTunes CS to redownload but would rather not have to format and reinstall.

Any ideas? Thank you.

FML.
 

tzdk

Member
May 30, 2009
152
0
0
Your problem could be the reason why some AV-makers offer live-cds :)

Since Avira was on to something try their rescue cd first http://www.free-av.com/en/tool...vir_rescue_system.html

Before you scan make sure to check pic no. 4 in this little guide http://forum.avira.com/wbb/ind...=Thread&threadID=82163 or it won't remove all infections. Typical Avira interface :)

If it won't boot try Dr. Web's live-cd http://freedrweb.com/livecd/?lng=en a lot better than Avira's because it has browser, file manager and a more full featured scanner. Avira probably better at detecting though. So can also be used to copy your stuff from C: should it come to that. Also think it is more compatible with whatever motherboard and what else needs to be happy. These live-cds are Linux based, some more updated than others.

Kaspersky also have one http://downloads.kaspersky-lab.../devbuilds/RescueDisk/

And Bitdefender, also a good one with lots of extras for this situation, http://download.bitdefender.com/rescue_cd/

Don't think any live-cd scanner has the ability to quarantine files or fixes to registry so if they are wrong you could have a problem. You also have one now so... See if you can't save log from actions, check out options/menus. Unless told to skip certain categories like "unwanted" programs, Avira has a "joke" category there could be some false positives. Just take it easy and try to ignore the fluff. When Windows is fixed any mistakes can probably be restored, easier with some info on events.

I understand why safe-boot is disabled, and much more I bet, but not the problem of using computer - what is the point? Pure destruction? Don't know if you can do some tricks on a non-responding desktop or this problem is because your Windows is not fully compatible with virus :) Would think you should be able to log-on so virus can spread some more, maybe attach itself to removables, network.
 

imported_Imp

Running from second computer right now, still no luck.

Thanks for the links to recovery CDs. My bro had a Norton one, but the definitions were one year old, and it wouldn't update (duh?) in boot. I'll give it a shot if I can't get anything going in safemode.

The good news is that I can get into safemode now, it was just safemode with networking that was screwed. My guess is that it was trying to install a Windows Activation credit card scam, but I ended the virus processes in task manager before it finished, so now I have a screwed up computer and half a working virus.

Unfortunately, this virus seems to have screwed up my version of Malwarebytes, or it just doesn't run in safemode. I went out to get a USB key (mine was at work), and now have 5 anti-virus programs loaded onto it. Going to see if any of them work. If not, I'll try to install windows on my second partition, and scan from there. If that still doesn't work, then I'll format the windows and just start over.

The biggest problem I have right now is that nothing will copy & paste in safemode right now. Even the taskbar doesn't show up completely. If I try "copy to" or manually copy & paste, it just doesn't work. So, my backing up plan is screwed.

And thanks for the advice about admin level account surfing. I never thought about that before. My main user account has always had full admin rights. I'll change that in the future to prevent this bullshit. There goes the weekend...

 

imported_Imp

Ok, virus is gone, as far as I know, but computer is so far gone that I'm going to wipe my entire drive after backing everything up.

Looks like the Windows Activation requirement was real. It didn't ask for a credit card, and was like the real version I've seen before. The virus did something to the hardware profiles or something to set off the activation prompt.

In the end, it was Malwarebytes that found everything after I installed Windows onto my second partition. The 3 viruses it found were:

- xa.tmp (Trojan.Downloader)
- SKYNETdwynrjkd.sys (Trojan.TDSS)
- ytasfwmbcrnseqxt.tmp (Trojan.TDSS)

It looks like it was either xa.tmp or SKYNET that was slowing my entire system down upon startup. After deleting them, everything was smooth again.

Unfortunately, I have absolutely no confidence in my system anymore, and will not do anything confidential on it without a full format. I've been meaning to do this for a while, so I guess it's time. I've also been hoping to get a new system, but the pain of having to transfer files and reinstall stuff was holding me back; no problem now.

Thanks for the help though. I will try to use a non-admin account in the future for regular usage.