Thread: Damn malware!

  1. #1
    Join Date
    Jun 2000
    Location
    Canonsburg, Pennsylvania
    Posts
    2,548

    Damn malware!

    So, I was on my home PC, cruising along the information superhighway, when BLAMMO! All of a sudden I was hit by some stupid toolbar that appeared on my screen and started trying to direct me to an online pharmacy, gambling, chat, sex emporium or something.

    So, I delete the toolbar as best I can, run my antispyware programs (Ad Aware, Norton, and Spybot S&D), they showcase and delete a few known viruses, and ... things stop working.

    I find and delete programs I can confirm are bad, like yaemu.exe and idemlog.exe, and so forth... but things just keep going downhill. My startup screen lags. When I boot, I get maybe as far as the volume and printer buttons appearing at the bottom of my screen, then ...nothing. I can't download fixes from the 'net.. I can't even ACCESS the net!

    Task Manager tells me their processes are running, but I can't see them. I can't click on ANYTHING and have it work.

    I try running the virus scans in safe mode. Safe mode works, but the scans are slooooooooow... especially SBS&D. They find a few more things. I fry those.

    "Finally!" I think. "Victory is mine!"

    Reboot...

    Startup screen,... first couple bar icons appear... printer... volume...
    ...
    ...
    ...

    Nothin'.

    HELP!
    "It's hard being an evil genius when everybody else is so stupid" -- Quantum Crook

  2. #2
    Join Date
    Aug 2004
    Location
    Swartz Creek, MI
    Posts
    889
    It looks like it corrupted Windows or the Registry, or you inadvertently deleted a Windows file. You probably will have to reinstall Windows but you have to make sure there isn't any virus on it. You should wait for someone more experienced than me here. Dealing with computers & networks is just a part of my job because there is no one else. I am also having some problems with malware.

    There are a few sites that help people through antimalware like Geekstogo.com

    Recommended by Doxdesk.com:
    Help forums
    Discussion sites where infected users may be able to get help with removing stubborn parasites that resist the usual anti-spyware programs.

    SpywareWarrior
    Net-Integration
    Castle Cops
    Lockergnome
    PC Pitstop
    TomCoyote

    doxDesk.com is neat as it has a spyware Parasite detector built into its Parasite page.
    Member, TrekRPGnet Development Team | OD&D Guild - The Guild for Original (Classic) D&D | FlintGamers |Free Web Hosting

  3. #3
    Join Date
    Feb 2000
    Location
    Germany
    Posts
    1,011
    I believe spshu is correct. You probably won't get around reinstalling the whole OS. Considering the extent of the damage, this is probably the easiest method anyway. I hope you find a way to save all your important files. Knoppix and a large memory stick could be helpful here. For the future, I suggest no longer using IE as your main browser. I've been using Firefox (Mozilla, actually) for several months now, and I never had any problems with spy or adware. Only when Firefox has difficulties displaying the content of trustworthy sites, I switch to IE.
    “Worried? I’m scared to death. But I’ll be damned if I’m going to let them change the way I live my life.” - Joseph Sisko - Paradise Lost

  4. #4
    Join Date
    Jun 2000
    Location
    Canonsburg, Pennsylvania
    Posts
    2,548
    ...and having to re-install Windows would basically mean that everything I've saved to the computer, and not backed-up on some other format, is *KAPUT*, Yes?

    GODDAMN.

    WTF are these spyware idiots about? Why make a toolbar that directs people to your sites, then SCREW their computer so badly that they can't go there?

    Vermin. If I could, I would string up my holiday decorations with their intestines.

    OTOH: If it's screwed up the registry, and that's permanent, why is it working pretty normally in safe mode? *scratches head*

    I've found a couple possible sources of help online - going to compare the files they say to delete to my safe-mode hjt log, see if anything matches.
    Last edited by First of Two; 12-13-2005 at 04:58 PM.
    "It's hard being an evil genius when everybody else is so stupid" -- Quantum Crook

  5. #5
    Join Date
    Feb 2000
    Location
    Germany
    Posts
    1,011
    If you have to reinstall Windows everything on that partition is lost. That's why I have two partitions on my single hard disk. If it becomes necessary to reinstall Windows, I move all my important files to the second partition (D:\) and reinstall Windows on my C:\ partition. If you are able to copy files when in safe mode, you could borrow an unneeded hard disk, plug it in, and temporarily store your files there. Do USB devices work in safe mode? If they do, you won't even have to open your computer, provided you have access to an external HD.
    One last option, if you have no problem with fiddling about computer intestines, unplug your HD, take it to a friend with the same operating system. Plug it into his PC, start his Windows (I think starting yours won't be possible anyway), and copy your files to his HD. I've never tried this, but since both drives should use the same file system (NTFS in the case of WinXP), I see no reason why this shouldn't work (I don't assume you have WinXP Pro and encrypted the files on your HD).

    Good luck!
    “Worried? I’m scared to death. But I’ll be damned if I’m going to let them change the way I live my life.” - Joseph Sisko - Paradise Lost

  6. #6
    Join Date
    Mar 2003
    Location
    Somewhere behind a sand dune
    Posts
    2,263

    http://www.maxthon.com

    If you must use an IE style browser, load this. Security on it is pretty solid and I've yet to see anything sneak into it. Tabbed browsing, pop-up killer and lots of other gew-gaws to make your surfing much happier.
    A brave little theory, and actually quite coherent for a system of five or seven dimensions -- if only we lived in one.

    Academician Prokhor Zakharov, "Now We Are Alone"

  7. #7
    Join Date
    Jun 2000
    Location
    Canonsburg, Pennsylvania
    Posts
    2,548
    Well, I'll have to get it working before I can download a new browser, but thanks!

    I've just joined and posted on one of those online antivirus help boards, so maybe I can get some ideas there. I've also got a couple of things to look for from the posted Hijack This! logs of other people who'd been infected by something similar (it didn't seem to be freezing anybody else's computer, though.)

    If I can't find a way out with those folks' help, I'm going to have to re-install the whole damn thing. I'm probably gonna lose so much... I never got to backup as much as I wanted... maybe I can salvage some stuff in Safe mode... can you write to disk in Safe Mode?

    TrExiles, and the UberGeeky Shiplist. I'd been working so much on those lately, JUST before this happened. I was gonna make backups during my vacation.. that's only three days away! WAAAAAH!
    "It's hard being an evil genius when everybody else is so stupid" -- Quantum Crook

  8. #8
    Join Date
    Aug 2001
    Location
    Paris, France, Earth
    Posts
    2,589
    Mind you, if Windows can load in safe mode, then maybe it means that only a driver was corrupted. You could try to reinstall every driver (video, sound, network, and whatever else you have - though sound could be a serious candidate) instead of reinstalling Windows, then see if the problem remains.

    Also, try to check the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and see if every program name is known to you in there. Same for the Start->Programs->Startup group.

    Which version of Windows do you have, by the way? Windows 2000 has some repair options that sometimes work well.

    (I too hate having to reinstall a whole OS...)
    "The main difference between Trekkies and Manchester United fans is that Trekkies never trashed a train carriage. So why are the Trekkies the social outcasts?"
    Terry Pratchett
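
The startup check suggested in post #8 and the log comparison mentioned in post #4 can be done mechanically. This added example, which is not from any poster in the thread, parses autostart (O4) lines as HijackThis logs lay them out and lists entries that are not on a list of programs the owner recognises; the log lines, paths and the KNOWN list are constructed for illustration, and only the names yaemu.exe and idemlog.exe come from post #1.

```python
import ntpath
import re

# Constructed sample: one non-autostart line plus "O4" autostart lines.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\example.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [yaemu] C:\WINDOWS\system32\yaemu.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [idemlog] "C:\Documents and Settings\User\idemlog.exe" /s
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\reader_sl.exe"""

# Assumption: file names the owner recognises; everything else gets reviewed.
KNOWN = {"nvcpl.dll", "ctfmon.exe", "reader_sl.exe"}

RUN_LINE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\Run\w*): \[(.*?)\] (.+)$")
STARTUP_LINE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
BINARY = re.compile(r'"?([^"]+?\.(?:exe|dll|com|bat|scr)\b)', re.I)


def target_binary(command):
    """Return the lower-cased file name an autostart command actually loads."""
    command = command.strip()
    match = BINARY.match(command)
    if not match:
        return command.lower()
    name = ntpath.basename(match.group(1)).lower()
    # rundll32 is only a host: the DLL named in its argument is what runs.
    rest = BINARY.match(command[match.end():].strip())
    if name == "rundll32.exe" and rest:
        name = ntpath.basename(rest.group(1)).lower()
    return name


def autostart_entries(log_text):
    """Yield (location, label, binary) for every O4 line in a log."""
    for line in log_text.splitlines():
        m = RUN_LINE.match(line) or STARTUP_LINE.match(line)
        if m:
            yield m.group(1), m.group(2), target_binary(m.group(3))


def unknown_entries(log_text, known=KNOWN):
    """Entries whose binary is not on the owner's known list."""
    return [e for e in autostart_entries(log_text) if e[2] not in known]


if __name__ == "__main__":
    for location, label, binary in unknown_entries(SAMPLE_LOG):
        print(f"review: {binary} ({label}) in {location}")
```

An unknown name is only a prompt to look the file up, not proof that it is malicious.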

  9. #9
    Join Date
    Jun 2002
    Location
    good old Germany
    Posts
    101
    Use HijackThis and the CWSShredder, both available on this site. Link: Hijackthis

  10. #10
    Join Date
    Jul 2003
    Location
    Newcastle, England
    Posts
    3,462
    Hmm, it largely depends on what kind of Windows install you have as to whether you have to lose everything. If you have a full install disk, then you can just install Windows on Windows, then run all the Windows updates again. The problem with this way is it doesn't guarantee you splat any viruses! The problem is most el-cheapo manufacturers just give you a disk image disk, which can only overwrite the contents of your hard drive.

    A good recommend I can give is to just go out and buy (ouchy on the cash part!) an external hard drive, for a USB slot.. just copy as much as you can to it, and reinstall your computer.

    It could well be there is nothing actually wrong with Windows, and it is all the effects of a virus / malware etc. To be honest the effects you are suffering remind me of the recent malware Sony was uncovered using.. whereby if you delete it, it destroys your computer's functions! Windows should not have let you delete key files.. Not because it is a nazi, (which it is!) but because those are usually held in the safe backup area.. I.e. Safe mode is working! I have used Safe mode too and yes it is UBER slow!

    Stupid question, but have you tried the 'last known good' option, to recover a previously working version of Windows? If you can take it back before you gave yourself the browser bar it might solve all your problems!!!
    Ta Muchly

  11. #11
    Join Date
    Jun 2000
    Location
    Canonsburg, Pennsylvania
    Posts
    2,548
    Well, the guy at the board told me to download and run something called ewido, and that found a whole lot of junk, mostly in my "System Restore" (which might explain why I wasn't able to do a system restore action to get out of this.) It cleaned most of it, but still said I had some "Downloader.Agent.uj" it couldn't clean.

    I then ran Hijack This! and copied the log (and the information on the Downloader Agent) to the board for help. Hopefully, they'll get back to me soon.

    I haven't even tried rebooting my computer in normal mode since then, just in case it might screw something else up, but I'm a little more hopeful now.
    "It's hard being an evil genius when everybody else is so stupid" -- Quantum Crook
