My computer was flashing a bunch of warnings about a keylogger blaster virus and that I needed to use Advanced Defender and then it stopped working -- when I boot it goes crazy and it won't let me boot in safe mode. I have no idea what to do.
-
BaldwinHillsTrojan Notebook Evangelist
You can take the drive out and scan it on another computer. Or you can use BartPE with some kind of antivirus software. What it does is boot to XP and will run on your NB, then you can scan like that.
-
perfectionseeker Notebook Evangelist
Try a program called Malwarebytes; if it installs, it will likely take care of your problem. If it does not, take your HD to a technician. In simple terms it looks like this virus is messing with core programs of Windows. There is a virus going around and no Norton, McAfee etc. is stopping it. I have had it on 1 machine and managed to get it off but it took some work. If Malwarebytes installs you may be lucky.
-
The Malwarebytes program might be blocked from running by the rogue. Try to end the advanceddefender.exe process and use Malwarebytes instead of Spyware Doctor:
http://www.pcindanger.com/advanced-defender-removal.html
-
To solve your problem for good, go to www.distrowatch.com and download one of the top 10 distros. Then no more BS any more.
-
Once a machine gets a virus I never trust it again. You never know whether you've been rootkitted or not.
So my advice is to nuke with extreme prejudice: take out your hard disk, copy your data to another machine, clean install, copy your data back.
-
The problem here is that the virus may also get backed up. I would have formatted the drive if I were you.
-
1. Don't plug your HDD into a machine with autorun turned on.
2. Clean your HDD with a good antivirus software before copying any data.
3. Only copy data - pictures, music, video, documents, email (if you don't store it on a server) - never any executables.
4. Never run any executable from the HDD on the machine you're backing up to.
-
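The copy rule in steps 3 and 4 above, as an added example that is not part of the original post: a Python sketch that copies only allowlisted data types from the mounted old disk and rejects files whose first bytes look like an executable even when the extension says otherwise. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import shutil
import tempfile
from pathlib import Path

# Assumed allowlist of data types (pictures, music, video, documents, email).
DATA_EXTENSIONS = {".jpg", ".png", ".mp3", ".avi", ".doc", ".pdf", ".txt", ".eml"}
# Leading bytes of Windows PE ("MZ"), ELF and script files.
EXEC_MAGIC = (b"MZ", b"\x7fELF", b"#!")

def looks_executable(path):
    """True if the file content starts like an executable, whatever its name."""
    with open(path, "rb") as fh:
        return fh.read(4).startswith(EXEC_MAGIC)

def copy_data_only(src, dst):
    """Copy allowlisted data files from src to dst; return (copied, skipped)."""
    src, dst = Path(src), Path(dst)
    copied, skipped = [], {}
    for path in sorted(src.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(src).as_posix()
        if path.suffix.lower() not in DATA_EXTENSIONS:
            skipped[rel] = "extension not on allowlist"
        elif looks_executable(path):
            skipped[rel] = "executable content behind a data extension"
        else:
            target = dst / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(path, target)  # content only, never executed
            copied.append(rel)
    return copied, skipped

def demo():
    """Run the copy over a small constructed tree standing in for the old disk."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "old_disk"), Path(tmp, "restore")
        (src / "photos").mkdir(parents=True)
        samples = {  # constructed sample files
            "photos/beach.jpg": b"\xff\xd8\xff\xe0 constructed jpeg",
            "photos/holiday.jpg": b"MZ\x90\x00 constructed PE header",
            "notes.txt": b"constructed text",
            "autorun.inf": b"[autorun]\r\nopen=setup.exe",
            "setup.exe": b"MZ\x90\x00",
        }
        for name, data in samples.items():
            (src / name).write_bytes(data)
        return copy_data_only(src, dst)

if __name__ == "__main__":
    print(demo())
```

This does not replace the scan in step 2: a document carrying a malicious macro passes both the extension and the header check.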
You probably have some variant of the antivirus live virus. Getting rid of it is a bear, but it is possible.
Download RKill and Combofix from bleepingcomputer.com. Just do a Google search for combofix and you will find the page on bleepingcomputer. Follow the directions on there carefully.
You will most likely have to run RKill immediately when the computer boots up. That will stop any rogue processes from known malware from running. You should then be able to run Combofix.
Once Combofix does its thing, you should scan your system using Malwarebytes Antimalware. I also usually follow that up with doing a full scan using Avast.
During this process, you may notice a file or two that may not be removable using normal means. In this case, you may have to use a BART PE CD (and use the A43 file management app) to remove/delete the offending file. In the off case you're infected with the TDSS rootkit too (just saw it on one of my user's systems today), besides the BART PE CD, you'll also need to use the TDSS rootkit killer from Kaspersky (http://support.kaspersky.com/viruses/solutions?qid=208280684).
Run TDSSKiller to stop and repair infected files. If you're using the Intel Matrix Storage Manager drivers, there's a probability that iaStor.sys is infected. If TDSSKiller cannot recover the file, you will need to download the latest Matrix drivers from Intel and extract them (you need to do this from a command prompt. Use a -a switch to expand the files into the C:\Program Files\Intel\Intel Matrix Storage Manager folder). You'll then need to use the A43 app on the Bart CD to replace the iaStor.sys file (with either the 32- or 64-bit version of the driver).
HELP T400 infected by virus
Discussion in 'Lenovo' started by vilmosz, Feb 14, 2010.