LandzDown Forum

Hi,

My boyfriend has a Sony Vaio computer running Windows XP, I have no idea what year the computer is. I somehow downloaded a virus (or malware) and now nothing will open. The only thing that will come up is a security warning that says: Application cannot be executed. "The file safari.exe (or whatever I try to open, that was an example) is infected. Do you want to activate your antivirus software now?" If I click "yes" it opens up internet explorer and takes me to some site to buy the program. I have avast on the system and barely managed to get it running last night and it found 2 viruses and said it removed them. However, it only got worse. I have a mac and have been researching via it because nothing on that computer will work. If I can't fix this, I have to get him a new computer so if someone can help that would amazing.

Also, I have one other question, if we simply restore the computer to scratch would that get rid of the virus? Or would it still stay on the system?

As mentioned, I can't get anything to run on that computer so am using my mac to research.

Thank you!!
Rebecca

Hi, Rebecca.

Welcome to LandzDown Forum.

By restore, do you mean a System Restore to prior to the infection?  The success of that depends on whether you have a clean restore point.  If you mean a format, reinstall of the operating system, that would work.  If you wish to attempt to clean the computer, please proceed as instructed below.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Please download rkill from one of the following links and save to your Desktop:

One (http://download.bleepingcomputer.com/grinler/rkill.exe), Two (http://download.bleepingcomputer.com/grinler/rkill.com),Three (http://download.bleepingcomputer.com/grinler/rkill.scr) or Four (http://download.bleepingcomputer.com/grinler/rkill.pif)

• Double-click rkill to run.
  
• A command window will open then disappear upon completion, this is normal.
  
• Please leave rkill on the Desktop until otherwise advised.
  
• Do NOT restart your computer after running rkill as the malware program(s) will start again.

Notes:

If you you receive security warnings about rkill, please ignore and allow the download to continue.

Next, please go to http://www.malwarebytes.org/ and download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, be sure Quick scan is selected, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FMBAM_SR.png&hash=38adbab18bc0003ecf543fafb564e34dadece253)
  
• Click Remove Selected.
  
• When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here on Windows XP: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt and C:\Users\UserName\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt on Windows Vista and Windows 7.
  
• Please post contents of that file in your next reply.

Please also go to Log Posting Instructions (http://www.landzdown.com/index.php?topic=423.0) and follow those instructions as well.  Note that it may be necessary to create more than one reply in order to fit in all the logs.