Help! VirusWebProtect hijack
Posted: 2008-10-01 06:29am
by Tolya
I got pwned by the VirusWebProtect. Most of my Start Menu is gone, C and D discs are almost inaccessible, some new shortcuts to "Fix Windows Error" and "Protect Your Privacy" stuff have appeared on the desktop.
I can more/less navigate the system via the Firefox browser and I managed to download and run the SmitFraudFix. The only problem is I can't reboot into safe mode! It just reboots my computer.
Help me please?
Re: Help! VirusWebProtect hijack
Posted: 2008-10-01 07:09am
by Tolya
EDIT: Deleted the SmitFraudFix scan log file, since it is no longer relevant and spams the thread.
Re: Help! VirusWebProtect hijack
Posted: 2008-10-01 07:27am
by Tolya
Turned out I got hit with a Rootkit Agent with a whole bunch of trojans. Vundo.H, Agent ANA, the works. ComboFix got the bastards and I'm in the process of cleaning up my machine with other cleaner programs.
What is kinda weird is that I did not run anything, just browsing some random websites.
Re: Help! VirusWebProtect hijack
Posted: 2008-10-01 03:26pm
by Bounty
An infection this bad is probably better served with a reformat and reinstall than an attempt to "fix" it. You'll be saving yourself headaches in the long run.
Re: Help! VirusWebProtect hijack
Posted: 2008-10-02 09:33am
by Tolya
What do you mean, Bounty? What could happen? I wiped everything clean with several programs (ComboFix and Spybot on the top of it, as well as a full virus sweep with Avast).
Anything particular I should be aware of? I would really hate having to reformat my hard drive.
Re: Help! VirusWebProtect hijack
Posted: 2008-10-02 10:36am
by Xon
Format and reinstall is the only valid option after your machine has been compromised. Especially if it is any type of rootkit or from an account with administrator rights.
Basically, you cannot verify the system is intact from within the system. The reasons behind this are somewhat complex and subtle, but the take-home message is: if your machine has been compromised, format & reinstall ASAP.
You might want to get someone's help backing up your documents, but don't bother recovering anything vaguely executable.
Re: Help! VirusWebProtect hijack
Posted: 2008-10-04 06:49am
by Ariphaos
Rootkits often hide in especially nasty places like drivers. You can sometimes tell if it's still on your system by using something to monitor the machine's traffic (preferably not running on the machine). I was able to keep one client's hard drive intact by nuking the Windows directory and other system files and installing over it (NOT A REPAIR INSTALLATION OR INSTALLING A NEW WINDOWS INSTALL WITHOUT FIRST MANUALLY DELETING THE OLD ONE). If you want to keep your music library and such, you could try that.
It's not guaranteed unless you have some other means of verifying the presence or absence of the rootkit, but the rootkit only has the MBR to hide in then, or your own stupidity (running stuff that's left over from the old install) for the most part.
Re: Help! VirusWebProtect hijack
Posted: 2008-10-19 04:41am
by Crayz9000
The only way I've been able to successfully remove actual live malware/viruses that hook themselves into the system is to boot Trinity Rescue Kit (or another live Linux CD with scanners etc). TRK has about five different virus scan engines which it'll automatically get updates for and run, but even those aren't guaranteed to catch everything. Having said that, it still may actually work out to be faster and more painless to just wipe the drive and reinstall.
Trying to remove a well-designed virus from within Windows is just an exercise in frustration and not something I recommend doing.
Re: Help! VirusWebProtect hijack
Posted: 2008-10-19 06:18am
by Haruko
Had a takeover of this sort once, used and am still using Malwarebytes' Anti-Malware. Where detailed removal instructions and accompanying removal kit failed, Malwarebytes did a scan and removed the problem when I gave the go-ahead to fix.