Virus Screwing with my life

[jadeDino]

Okay, here's the deal.

I use Avast on my pc. I run windows xp on my Dell Latitude D500. Avast detected a rootkit under Win32:RLoader-B. It's been screwing with my system for months. I turned to Dell when I first noticed it. The tech from Dell gave me a number to call, hut it didn't help. Since then i have been looking for alternatives and wqys to get it off of my computer online. None of the solutions have helped. I've deleted a bunch of less stubborn viruses off of my computer, bit this one wont go. Some of my icons on my desktop have vanished or just plain stopped working. I was having a lot of issues when i would turn my laptop on. At first, there would be this blu screen with a message on it, i would have to turn the computer off then back on to have it start up as normal--or so it would seem--it would go to a black screen for options to start up. Normal mode, safe mode, start from a point in which the computer would work properly.

I still can only get it to start on "start from a point in which the pc works properly". It's a pain in the butt. It wont let me go on a.whole bunch of websites when it will actually let me get onto the internet (currently on cell phone). Please help, i really need it.

[Michael (alan1998)]

Hello Jade,

Please go Here and attach OTL, Malwarebytes & aswMBR.

If possible, get the file Avast! is alerting on and upload it to Virustotal. Once done, give the link to me so I can chck it out!

[jadeDino]

HI!

I tried looking for the exact file, but nothing comes up, it only comes up in the adding and removing programs. I went back into Avast! and got the exact "names" of the infected files.

C:WINXP\system32\drivers\acpi.sys                 and
SVC:ACPI>C:WINXP\system32\drivers\ACPI.sys

[Michael (alan1998)]

Hi, Malwarebytes appears to have nailed one of the files. Can yuo confirm the alerts of ceased?

Remover notified. However it'll be several hours until they answer as it's past midnight for all of them.

[Edit]: The reason why you can't find ACPI.sys is because its disguised itself as a system file... Don't do anything until Someone comes. Although I suspect they'll need a FRST log.

[jadeDino]

I don't want to sound like an uber noob, but what is a FRST log???

[Michael (alan1998)]

It's another tool similar to OTL. It's called FarBar Recovery scan Tool. If they need it'll they ask for it. When Twin, Essex, Argus or Magna answers listen to them

[jadeDino]

I will listen obediently to all who know more than me.

The alerts did stop. I checked it three times to make sure.

[argus]

Hi,

• Please download ComboFix by sUBs and save it to your Desktop.
  You may read how Combofix works here.
  
  
• Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
  If you are unsure how to do this please read this or this Instruction.
  
  
• Run ComboFix. Click on I Agree! & follow the prompts.
  Note: If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.
  
  
• When finished, it will produce a report for you. Please attach log reports (ComboFix.txt) back to topic.
  (typical log location: C:\ComboFix.txt )

[Michael (alan1998)]

Okay,

Edited by Alan. Argus is now your remover.

[Valinorum]

@jadeDino, Please follow argus's instruction.

Edit: Lol, mods are faster than my keyboard speed.

[argus]

Ok, "problem" solved 

[jadeDino]

Hey guys,

I've run the combofix a few times-at a few hours each time- and i haven't gotten passed the scan. It says ten minutes typically, but i can leave it scanning for hours without it going to any of the next steps. I don't know what else to do.

[Michael (alan1998)]

I will notify argus you've posted here. Been about a week. Sit tight and wait for his instrcutions.

[argus]

Download TDSSKiller  and save it to your desktop

  Execute TDSSKiller.exe by doubleclicking on it.
Confirm "End user Licence Agreement" and "KSN Statement" dialog box by clicking on Accept button.

• Under Additional options check the boxes next to:
  - Verify Driver Digital Signature;
  - Detect TDLFS file system
  - Use KSN to scan objects
  
•   Press Start Scan
  
•   If Suspicious object is detected, the default action will be Skip, click on Continue.
  
•   If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.