Got some major problems with this computer.



Amit
May 16th, 2010, 10:35 AM
Recently I've noticed that this laptop has been freezing a short while after logging into windows. It wasn't until this morning when I turned on my computer that I was unable to log into windows. I was given the lsass.exe errors. I used the UBCD4Win regedit abilities to restore my logon function. However, when I log onto my account, I'm met with a "Virus Protector" program, which I believe is malware and my explorer.exe doesn't appear to function. The only thing visible is my desktop wallpaper. I tried to restart the explorer.exe process using the Run function from the Task Manager, but the Task Manager has been disabled by the virus as well. I have tried to re-enable it in the registry, but there doesn't appear to be any registry key disabling the Task Manager, or at least not where I was specified to look by many articles found on google.

I used the analyzer at hijackthis.de and it says that 127.0.0.1:5555 is a "Nasty" entry so I'm not sure whether the proxy setting is supposed to be set to automatic or not. So now I'm led to believe that is what got the malware shit on my laptop.

Basically what I'm trying to do is log successfully into Safe Mode and run Malware Bytes, but I cannot do so without explorer.exe running, or without access to the Task Manager.

Here is the log file I managed to save to the hard drive Friday night:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:22 PM, on 5/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
D:\My Documents\Physics\PASPortal.exe
C:\Documents and Settings\100394727\Desktop\avg_iswt_stf_all_85_392a1598.exe
C:\DOCUME~1\100394~1\LOCALS~1\Temp\7zS65.tmp\avgsetup.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uoit.ca/mycampus
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.2.2)_Gecko/20100316_Firefox/3.6.2_(.NET_CLR_1.1.4322;_.NET_CLR" -"http://media.pearsoncmg.com/bc/bc_campbell_biology_7/media/interactivemedia/activities_c6e/H34/H3402/st01/media.html"
O4 - HKUS\S-1-5-21-270497966-889163017-109164279-1015\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'HelpAssistant')
O4 - HKUS\S-1-5-21-270497966-889163017-109164279-1015\..\Run: [MessengerPlus3] "C:\Program Files\Messenger\MsgPlus.exe" /WinStart (User 'HelpAssistant')
O4 - HKUS\S-1-5-21-270497966-889163017-109164279-1015\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'HelpAssistant')
O4 - HKUS\S-1-5-21-270497966-889163017-109164279-1015\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'HelpAssistant')
O4 - HKUS\S-1-5-21-270497966-889163017-109164279-1015\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.2.2)_Gecko/20100316_Firefox/3.6.2_(.NET_CLR_1.1.4322;_.NET_CLR" -"http://media.pearsoncmg.com/bc/bc_campbell_biology_7/media/interactivemedia/activities_c6e/H34/H3402/st01/media.html" (User 'HelpAssistant')
O4 - HKUS\S-1-5-21-270497966-889163017-109164279-1020\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Test')
O4 - HKUS\S-1-5-21-270497966-889163017-109164279-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Mobile')
O4 - S-1-5-21-270497966-889163017-109164279-1015 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'HelpAssistant')
O4 - S-1-5-21-270497966-889163017-109164279-1015 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'HelpAssistant')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Air Mouse.lnk = C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
O4 - Global Startup: PASPortal.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232121137750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232126903781
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = oncampus.local
O17 - HKLM\Software\..\Telephony: DomainName = oncampus.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{11CFE33E-A277-4EA1-927D-58119658EE72}: NameServer = 93.188.164.105,93.188.166.153
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A9DFDFD-23D3-4008-AB79-E67DD8E6DDC5}: NameServer = 93.188.164.105,93.188.166.153
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCFEC82C-EBA6-4D8E-AB2A-25FEEF435A63}: NameServer = 93.188.164.105,93.188.166.153
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = oncampus.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.105,93.188.166.153
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = oncampus.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.164.105,93.188.166.153
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = oncampus.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.164.105,93.188.166.153
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.105,93.188.166.153
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: TPSvc - C:\WINDOWS\SYSTEM32\TPSvc.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LANDesk Policy Invoker - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 15391 bytes

=sw=warlord
May 16th, 2010, 10:53 AM
Try opening up task manager and try booting explorer.exe from there.
Also while you are in task manager look in the processes tab for anything that you don't recognise and end process ladder.
That should give you some extra time to run the scanner.

Amit
May 16th, 2010, 11:05 AM
Please read the original post more carefully. I clearly stated in the first paragraph that the Task Manager is disabled. That was the first thing I tried.

=sw=warlord
May 16th, 2010, 11:08 AM
Please read the original post more carefully. I clearly stated in the first paragraph that the Task Manager is disabled. That was the first thing I tried.
Have you tried running the Windows repair CD? There's a command-line tool there.
Try running that and use the system file checker.
The command should be: SFC /SCANNOW. That will check the integrity of your Windows files and replace any compromised files.

Amit
May 16th, 2010, 12:01 PM
Have you tried running the windows repair CD? there's a command line tool there.
try running that and use the system file checker.
The command should be: SFC /SCANNOW That will check the integrity of your windows files and replace any compromised files.

As far as I know, there is no official disc by the name of "Windows Repair CD." Is this just my XP SP2 CD? And btw, this happened on an XP Professional install, but I only have the XP SP2 CD.

=sw=warlord
May 16th, 2010, 12:16 PM
As far as I know, there is no official disc by the name of "Windows Repair CD." Is this just my XP SP2 CD? And btw, this happened on a XP Professional install, but I only have the XP SP2 CD.
There should be an option on the Windows SP2 disk that takes you to a black screen where you can fix the boot and rebuild the boot records; if memory serves me right, you should be able to run the system file checker command there.

Amit
May 16th, 2010, 12:24 PM
Well, I tried to access the recovery console using the XP disc, but since I don't have the Admin's password for the install, I can't get to it. This is a university issued laptop, btw.

Futzy
May 16th, 2010, 01:15 PM
If it's a university laptop I would just bring it back to them and ask them for help.

Amit
May 16th, 2010, 02:23 PM
Looks like that's just what I'm going to have to do.

Maniac
May 17th, 2010, 12:26 PM
http://www.myantispyware.com/2010/02/20/how-to-remove-virus-protector-uninstall-instructions/

does that help?

Phopojijo
May 17th, 2010, 07:16 PM
If it's a university laptop I would just bring it back to them and ask them for help.

Yeah because University IT people really know what they're doing.

My experience (really did happen) --
Me> "Uhm, just letting you know Symantec Antivirus {{first clue}} is popping up with notifications of having a virus in quarantine... the computer takes like 10 minutes to boot... and it's present after the boot and on multiple machines so it's likely in the network image {{second clue}}"
IT> "It's in quarantine -- it's fine {{third and BIG clue}}"

... no. A virus in quarantine is NOT fine, especially since the computer is still displaying signs of infection. You may have *something* in quarantine... but that means frig-all because practically no virus these days installs alone.

My advice? Back up your data (using an Ubuntu boot CD if you can't boot into Windows), insert your Windows install disk, format and reinstall.

Amit
May 17th, 2010, 09:16 PM
http://www.myantispyware.com/2010/02/20/how-to-remove-virus-protector-uninstall-instructions/

does that help?

No it doesn't. I've already visited that page. I can't even access the friggin command prompt.


Yeah because University IT people really know what they're doing.

My experience (really did happen) --
Me> "Uhm, just letting you know Symantec Antivirus {{first clue}} is popping up with notifications of having a virus in quarantine... the computer takes like 10 minutes to boot... and it's present after the boot and on multiple machines so it's likely in the network image {{second clue}}"
IT> "It's in quarantine -- it's fine {{third and BIG clue}}"

... no. A virus in quarantine is NOT fine, especially since the computer is still displaying signs of infection. You may have *something* in quarantine... but that means frig-all because practically no virus these days installs alone.

My advice? Back up your data (using an Ubuntu boot CD if you can't boot into Windows), insert your Windows install disk, format and reinstall.

Maybe. You are right about the virus not installing alone, that I'm sure of since it sort of worked before it shit out Virus Protector on Friday. Well, I'll back up to a fresh hard drive and run isolated scans on that. I ran every UBCD Anti-Spyware scan and still nothing except "harmful" cookies come up. I removed those of course, but it doesn't solve my problem.

EDIT (05/18/10 12:32AM): I went back through the registry and found that a virus was redirecting my Shell to look for a virus file instead of explorer.exe. Once I changed the Shell back to explorer.exe, I got a fully functioning desktop and GUI back. I immediately deleted the file pointed to in my registry from the system32 folder. Currently I'm in safe mode running a Malware Bytes full scan. So far it's been 10 minutes and it's found 4 infected files. I hope this clears the shit out good.
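The things this thread ended up checking by hand (the loopback ProxyServer entry that hijackthis.de flagged, the Winlogon Shell value Amit found pointing away from explorer.exe, and the "(file missing)" and "= ?" entries in the posted log) can be triaged from a HijackThis log with a few lines of Python. The block below is an added example, not code from the thread or from HijackThis itself; the sample lines are constructed to mirror Amit's log, and the F2 Shell line with its hypothetical_rogue.exe path is invented for illustration (no such line appears in the log he posted). It only flags entries for a manual look; deciding what to do with them is still the analyst's job.

```python
import re

# Constructed sample of HijackThis-style log lines, modelled on the log in the thread.
# The F2 Shell line and its hypothetical_rogue.exe path are invented for illustration.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uoit.ca/mycampus
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
F2 - REG:system.ini: Shell=C:\WINDOWS\system32\hypothetical_rogue.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - Global Startup: PASPortal.lnk = ?
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: TPSvc - C:\WINDOWS\SYSTEM32\TPSvc.dll
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
"""

# Every HijackThis entry starts with a section code such as R1, F2, O4, O20.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entry(line):
    """Split 'O20 - Winlogon Notify: ...' into ('O20', 'Winlogon Notify: ...'); None if not an entry."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def is_loopback(host):
    """True for 127.x.x.x or 'localhost', i.e. a proxy that lives on the machine itself."""
    return host.startswith("127.") or host.lower() == "localhost"


def triage_entry(line):
    """Return (section, reason, detail) when an entry deserves a manual look, else None."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    section, body = parsed

    if section == "R1" and "ProxyServer" in body:
        # body ends like 'ProxyServer = http=127.0.0.1:5555'; keep only host:port
        value = body.split("=", 1)[1].strip()
        hostport = value.split("=")[-1]
        if is_loopback(hostport.split(":")[0]):
            return (section, "IE proxy points at a local listener", hostport)

    if section == "F2" and body.startswith("REG:system.ini: Shell="):
        # Winlogon Shell should be explorer.exe; anything else replaces the desktop
        shell = body.split("Shell=", 1)[1].strip()
        if shell.lower() != "explorer.exe":
            return (section, "Winlogon Shell is not explorer.exe", shell)

    if section == "O4" and body.rstrip().endswith("= ?"):
        return (section, "startup item with unresolved target", body)

    if section == "O20" and "(file missing)" in body:
        return (section, "Winlogon Notify DLL is missing on disk", body)

    return None


def triage(log_text):
    """Run triage_entry over every line and collect the findings in log order."""
    return [f for f in (triage_entry(line) for line in log_text.splitlines()) if f]


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section}: {reason} -> {detail}")
```

Run it against a saved HijackThis log by passing the file's contents to `triage()`. The loopback-proxy rule is the one that matches Amit's R1 line; the F2 rule is what would have surfaced the redirected Shell value he later found by hand in the registry.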