jfs_1950

Okay, something strange after I wiped the drives and reinstalled the OS. The mysterious Network Service reappeared. And the BitDefender firewall is showing something marked ".\System" trying to connect to the Internet. It has a red question mark on the icon. I blocked access, and then the Network Service and associated…

Hi Niels. I ran SDFix and the log showed nothing unusual. I cannot upload the log because the network connections have disappeared from the infected machine. If I try to open the network connections icon, control panel freezes and I have to kill it in the task manager. Also I can no longer reach the device manager. Maybe…

Hello jfs_1950, Personnally if I see that you now even got more problems it's better to restore a previous back-up.The infection might have caused some serious damage. Did Superantispyware detected something? Or you can still try this put in the windows installation cd-rom. After that press the windows button together with…

Niels and crysty2k5, thanks for all the help. Neither knoppix nodma nor failsafe helped with the bitdefender rescue disk. I did uninstall bitdefender though. I got autoruns installed. I hadn't forgotten about it. Just hadn't run it yet. I ran it...and now I cannot connect to the internet to send the log!!!! Nor can I…

Hello jfs_1950, Follow these instructions for how to re register windows installer. But I suppose that you know how to do that because you already mentioned it. It could be that superantispyware installation needs a reboot. But because of the diagnostic startup the superantispyware service will not be started. To solve…

Hi Niels. Diagnostic startup brought normal mode up very quickly. I will download the BD rescue disk and work to get my firewall back. Unfortunately I don't have a CD of the version of BD that I am running. A few months ago I had a massive crash due to hardware issues, and then I couldn't get BD to install properly from…

Hi, I am fast losing hope that I will be able to recover this machine. It is running slower and slower. The only thing I am able to do in normal mode is open the task manager. If I try to restart from task manager, explorer.exe hangs and I have to manually kill it. The performance tab shows virtually no CPU activity but…

Niels, Thanks, I will try that (not at that computer at the moment). Is there any way to delete the unknown user from all the security tabs? It has embedded itself all over the place. I don't think it is controlling anything other than the superantivirus, but would like to clear it out anyway. Also, should I be worried…

Here is combofix log from running it with windows in normal mode. The recovery console somehow got uninstalled, and so I had to run it again after reinstalling. Combofix seems to run normally but hangs after it opens the log. To get the computer back, I have to open the task manager and do a restart off the menu, and it…

I have deleted a malware user from the registry and from the folders where superantispyware installer is loaded, but still cannot get it to let me install. The app itself still is denying me security rights. The check boxes are disabled and I can't figure out how to enable them. While I was deleting the malware user from…

Thank you Niels and Crysty2k5! I will try that tonight. I do have control of the task mgr window. I'm slowly chipping away at the malware's defenses that keep me from installing superantispyware. After I found the extra user in the registry (named S-1-5-21- with a long string of numbers following), I deleted that in the…

Addendum after I thought about this. It is possible that my desktop problem came from running combofix in safe mode. Because when it cleared the desktop, the safe mode alert about running in safe mode came up. Usually you have to hit okay at that point and then windows loads the desktop. But the combofix instructions state…

I can't tell you how much I appreciate your help. Okay, the easy part first. I looked at my permissions in the registry and indeed, in one case (HKLM) I had limited rights. I fixed that and also found an "unknown user" and I deleted its rights. Ran combofix in safe mode. Maybe that was a mistake and I should have done it…

Okay, I tried Malwarebytes' Anti-Malware. Installed properly over the internet. Deep scan came up clean. I still cannot install Superantispyware. I have tried the registry fixes I found on the web that supposedly address the "The system administrator has set policies to prevent this installation" error. Regedit showed…

What version of BD do you have ?! (9/10/11 ?!) Antivirus or Internet Security ?! Please try to run a complete scan with SUPERAntiSpyware (ad-aware && Windows Defender don't do the job) Well, the malware won't let me install SUPERAntiSpyware. If I try it says the administrator has set policies to prevent it. And when I go…

The log is clean ! Hmm, thanks! Guess I will work to fix the windows network problem...and the weird disk volume. Appreciate your looking at my data! jfs