HELP! OK, my computer at home got infected with Antivirus XP 2010! Comp is acting weird on me!?
After I got Malwarebytes and scanned my comp several times, it said it got rid of it. But every time it gets rid of it, it says "malwarebytes must restart your computer for these changes to take effect", so I let it restart. But now, and here is the kicker for ya, my comp won't start up on anything BUT "last known good configuration". Problem is, that is when the virus is still on my computer, so it's a never-ending cycle. Every time I try to restart in safe mode or something related or "start windows normally", it goes into a cycle of restarting itself before the computer even gets to the login screen. On bootup it just restarts, showing the same options for restart, and I am forced to choose "last known good configuration." Can someone help me with this plz!!!!
Public Comments
- Antivirus XP 2010 manual removal:
  Kill processes:
    av.exe
  Delete registry values:
    HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
    HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
    HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
    HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
  Delete files:
    %UserProfile%\Local Settings\Application Data\av.exe
    %UserProfile%\Local Settings\Application Data\WRblt8464P
  This would really help you in fixing the issue. If not, contact this virus removal team: greenpcsupport.com
- OK, go into safe mode, turn off "System Restore", then run Malwarebytes = your antivirus program. Go to Folder Options and click show hidden files, then go to drive "C" (assuming that's your main drive) and look for a hidden file called Boot.ini and open it. Make sure it only reads like this:
    [boot loader]
    timeout=30
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional" /fastdetect
  Nothing else should be in there at all.
- How to remove XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010 http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010
- a-squared USB/bootable version, it'll clean you up
- Use ComboFix from bleepingcomputer.com, then download Malwarebytes (you may need to rename the installer/setup to something like winlogon.exe to be able to run or install it) from malwarebytes.com or softpedia.com, then clean the rest of the virus with SUPERAntiSpyware and Hitman Pro 3.5 from softpedia.com/cnet.com, and just in case you do have a rootkit on your system, use GMER from majorgeek.com (use GMER to scan, and delete anything in red).
  Future protection: use this wizard to recommend security protection for your system: http://www.techsupportalert.com/secwiz
  Or go to safe mode and then do the above. To get into Safe Mode with Networking:
  1. Log out and reboot your machine.
  2. When the machine starts the reboot sequence, press the F8 key repeatedly.
  3. Select Safe Mode with Networking from the resulting menu.
  Note: Rogue security software is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware.
  Or manually:
  Terminating the process:
  1. I verify that a rogue is present. This isn't hard, since it's usually popping up just about every few seconds.
  2. Click CTRL-ALT-DELETE (if it's available).
  3. Click Task Manager.
  4. Click Processes.
  5. Find a process that usually contains all numbers, for example 2342342.exe. If you do not see all numbers, then your rogue has a name like SystemSecurityPro.exe or GreenAV.exe, etc.
  6. Select that process and click End Process.
  7. At this point the rogue process has been terminated.
  Removing Rogue Anti-Virus that is named with random numbers:
  Or, if you can't open Task Manager, then use Rkill from http://download.bleepingcomputer.com/grinler/rkill.com
  1. Click Start.
  2. Click Run (or for Vista/Win7 type in the start search box).
  3. For Windows XP type: C:\documents and settings\all users\Application Data and click OK. A window will open containing a folder with about 8 numbers. Your rogue is in there. Delete that folder.
  4. For Windows Vista/Win7 type C:\users\all users in the "start search" box and click Enter. Your randomly named folder with about 8 digits should be in there. Delete it.
  Removing Rogue Anti-Virus that has a name like System Guard Pro, AV2010, etc.:
  1. Open Windows Explorer.
  2. Open your C:\ drive.
  3. Open Program Files.
  4. Find the rogue and delete the folder.
  If not, seek an expert. Good luck!
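
A defensive check for the handler hijack listed in the first comment's registry values, added here as an example that is not part of the original thread: it scans a registry export for `shell\open\command` defaults that launch a program from a user profile path and for Security Center override values set to 1. The sample export, the function names and the path heuristic are assumptions made for illustration.

```python
import re

# Constructed sample in .reg export syntax (not taken from a real machine).
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"%UserProfile%\\Local Settings\\Application Data\\av.exe\" /START \"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"%UserProfile%\\Local Settings\\Application Data\\av.exe\" /START \"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
'''

# Assumed heuristic: a handler should not launch a program from a user profile.
USER_WRITABLE = re.compile(r'%userprofile%|\\application data\\|\\appdata\\', re.I)
OVERRIDES = {"antivirusoverride", "firewalloverride"}

def unescape(s):
    # Undo .reg string escaping of backslashes and double quotes.
    return re.sub(r'\\(.)', r'\1', s)

def launched_program(cmd):
    # First token of a command line; unquoted paths with spaces are cut short.
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(' ', 1)[0]

def find_hijacks(reg_text):
    findings, key = [], ""
    for line in (l.strip() for l in reg_text.splitlines()):
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif m:
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            raw, low = m.group(2), key.lower()
            if low.endswith(r'\command') and name == "(Default)" and raw[:1] == '"':
                cmd = unescape(raw[1:-1])
                if USER_WRITABLE.search(launched_program(cmd)):
                    findings.append((key, name, cmd))
            elif low.endswith(r'\security center') and name.lower() in OVERRIDES:
                if raw in ('dword:00000001', '"1"'):
                    findings.append((key, name, raw))
    return findings

for finding in find_hijacks(SAMPLE_REG):
    print("SUSPICIOUS", *finding)
```

The clean `exefile` handler (`"%1" %*`) and the override set to 0 are not reported, so the output lists only the entries a cleanup would need to restore.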