Question:
YOUR SYSTEM IS INFECTED!!?
?
2009-11-26 08:46:21 UTC
My mother's computer got this annoying little bug. If you haven't heard of it, this thing takes over your whole computer and locks you out of your own system tools and Task Manager. It replaces your desktop with a message saying "YOUR SYSTEM IS INFECTED!!!" and repeatedly brings up pop-ups telling you the same thing. I had this problem about a year back and I got rid of it through Safe Mode, but this bug has a new trick: it won't allow you to get into Safe Mode. What do I do to get rid of it without reformatting?
Eight answers:
Sly_Old_Mole
2009-11-26 08:52:40 UTC
Try:



Free Malwarebytes:

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Free Superantispyware:

http://www.snapfiles.com/get/SuperAntiSpyware.html

Free Norman Malware Cleaner

http://www.softpedia.com/get/Antivirus/Norman-Malware-Cleaner.shtml
?
2016-08-25 08:37:08 UTC
2
Elmer Fud
2009-11-26 08:55:51 UTC
How to Force Windows 7/Vista into Safe Mode Without Using the F8 Key

There’s an option in the well-known System Configuration utility that will let you force Windows to always boot into Safe mode… until you turn the option off.

Open up the start menu search or run box, and type in msconfig and hit the enter key.

Select the Boot tab, and then check the box for “Safe boot” and make sure the radio button below is set to “Minimal”.

Once you hit the OK button you’ll be asked if you want to Restart now or wait until later. Either way, the next boot will take you into safe mode.

Once you restart, you’ll realize that you are in Safe Mode because it not only places that text in the four corners of the screen, but it even opens up the safe mode page from the help file in Windows 7 or Vista.

Now you can work on getting rid of that spyware…

Remember to turn this back off when pc is clean!
anonymous
2009-11-26 09:06:02 UTC
What's up, James,



As much as I hate to say it, at this point you are better off re-installing your operating system. It sounds like this virus has totally taken over your computer, and has effectively locked you out.



Has it shut down your internet to prevent you from downloading any solution?

Is your start menu Icon missing preventing you from running an anti-virus?

Has it locked you out of your anti-virus program and spyware removal program?



If this is the case you might consider doing a clean re-install. It is probably a vicious trojan virus, or spyware infection.



If doing a re-install of the OS is not an option, try downloading a trojan and spyware removal program and a new anti-virus. There is a good chance the old ones were corrupted.



There are many different free anti-virus programs. Try googling Avira, AVG, Avast; all of these are free and work quite well. Any one of these free programs should be able to solve your problem. You should be able to download any of these programs onto a flash drive and install them onto the infected computer. This might be your only solution if you don't have your files backed up, and cannot do a clean re-install.



Also make sure to install and scan in safe-mode. You can get to safe mode by pressing the F8 upon start up. Keep trying when booting up and you should be able to get it.



Hope this helps.
?
2009-11-26 08:59:09 UTC
If you could, download updated MalwareBytes and SuperAntiSpyware onto a USB thumb drive from a friend's computer. Malware like that usually blocks access to security sites.

Then disconnect your computer from internet access, install the programs and run your scans. I find it best to run each scan several times, as sometimes the malware is layered. Removing one layer opens up a path for the next. Scan until both come up empty.
Ron M
2009-11-26 08:55:15 UTC
You need to download and run "Malwarebytes", but it needs to be run in "Safe Mode". If you are locked out of Safe Mode, then all I can think of is to wipe the system and reinstall Windows.
tugar
2009-11-26 08:54:15 UTC
No, I don't think so.
the computer doctor
2009-11-26 15:37:26 UTC
Download System Mechanic from www.iolo.com

You have the Conficker worm.

Win32/Conficker.X

Aliases: Net-Worm.Win32.Kido.iq (Kaspersky), W32.Downadup.C (Symantec), W32/Conficker.worm.gen.c (McAfee)

Type of infiltration: Worm

Size: 87040 B

Affected platforms: Microsoft Windows

Signature database version: 3676 (20081209)







You can download the removal tool here.

Short description

Win32/Conficker.X is a worm that repeatedly tries to connect to various web pages. It tries to download several files from the addresses. It can be controlled remotely.

Installation

When executed, the worm copies itself in some of the following locations:

%system%\%variable%.dll



%program files%\Internet Explorer\%variable%.dll



%program files%\Movie Maker\%variable%.dll



%program files%\Windows NT\%variable%.dll



%appdata%\%variable%.dll



%temp%\%variable%.dll



A string with variable content is used instead of %variable%.



The worm loads and injects the %variable%.dll library into the following processes:

explorer.exe



services.exe



svchost.exe



The worm registers itself as a system service with the name combined from the following strings:

App

Audio

DM

ER

Event

help

Ias

Ir

Lanman

Net

Ntms

Ras

Remote

Sec

SR

Tapi

Trk

W32

win

Wmdm

Wmi

wsc

wuau

xml

access

agent

auto

logon

man

mgmt

mon

prov

serv

Server

Service

Srv

srv

Svc

svc

System

Time


The service Display Name consists of some of the following strings:

64

Adobe

Agent

App

Assemblies

assembly

Boot

Build

Calendar

Collaboration

Common

Components

Cursors

Debug

Defender

Definitions

Digital

Distribution

Documents

Downloaded

en

Explorer

Files

Fonts

Gallery

Games

Globalization

Google

Help

IME

inf

Installer

Intel

Inter

Internet

Java

Journal

Kernel

L2S

Live

Logs

Mail

Maker

Media

Microsoft

Mobile

Modem

Movie

MS

msdownld

NET

New

Office

Offline

Options

Packages

Pages

Patch

Performance

Photo

PLA

Player

Policy

Prefetch

Profiles

Program

Publish

Reference

Registered

registration

Reports

Resources

schemas

Security

Service

Setup

Shell

Software

Speech

System

Tasks

Temp

tmp

tracing

twain

US

Video

Visual

Web

winsxs

Works

Zx

In order to be executed on every system start, the worm sets the following Registry entries:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"%random1%" = "rundll32.exe "%variable%.dll",%random2%"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"%random1%" = "rundll32.exe "%variable%.dll",%random2%"



%random1-2% stands for a random text.



The following Registry entries are set:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\%random service name%\Parameters]
"ServiceDll" = "%system%\%variable%.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\%random service name%]
"Image Path" = "%System Root%\system32\svchost.exe -k netsvcs"
"DisplayName" = "%random service name%"
"Type" = 32
"Start" = 2
"ErrorControl" = 0
"ObjectName" = "LocalSystem"
"Description" = "%variable_name%"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue" = 0

The following Registry entries are deleted:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC}]
"wscsvc" = "%filepath%"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender" = "%filepath%"



Other information

The worm terminates processes with any of the following strings in the name:

autoruns

avenger

confick

downad

filemon

gmer

hotfix

kb890

kb958

kido

klwk

mbsa.

mrt.

mrtstub

ms08-06

procexp

procmon

regmon

scct_

sysclean

tcpview

unlocker

wireshark

The following services are disabled:

Windows Security Center Service (wscsvc)



Windows Automatic Update Service (wuauserv)



Background Intelligent Transfer Service (BITS)



Windows Defender Service (WinDefend)



Windows Error Reporting Service (ERSvc)



Windows Error Reporting Service (WerSvc)



The worm connects to the following addresses:


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.
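
Added example, not part of the original thread or of the vendor write-up quoted in the last answer: a Python check that reads a registry export and reports the specific changes that write-up lists (deleted SafeBoot key, SHOWALL CheckedValue set to 0, the named services disabled, Run values that launch a DLL through rundll32.exe). The function names `parse_reg` and `triage` and the sample data are constructed for illustration, and the check assumes the export covers HKLM\SYSTEM, HKLM\SOFTWARE and the HKCU Run key.

```python
import re

CCS = r"hkey_local_machine\system\currentcontrolset"  # lowercased: key names are case-insensitive
CV = r"\software\microsoft\windows\currentversion"
SAFEBOOT = CCS + r"\control\safeboot"
SHOWALL = "hkey_local_machine" + CV + r"\explorer\advanced\folder\hidden\showall"
RUN_KEYS = ["hkey_local_machine" + CV + r"\run", "hkey_current_user" + CV + r"\run"]
WATCHED = ["wscsvc", "wuauserv", "bits", "windefend", "ersvc", "wersvc"]
VALUE = re.compile(r'"((?:[^"\\]|\\.)*)"=(.*)$')
RUNDLL = re.compile(r'"?rundll32(\.exe)?"?\s.*\.dll', re.I)

def parse_reg(text):  # -> {key: {value name: int or str}}
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
        elif cur is not None and (m := VALUE.match(line)):
            name, raw = m.group(1).lower(), m.group(2)
            if raw.startswith("dword:"):
                cur[name] = int(raw[6:], 16)
            elif raw.startswith('"'):  # unescape \\ and \" in string data
                cur[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])
    return keys

def triage(text):
    """Return findings for the registry changes listed in the description."""
    reg, found = parse_reg(text), []
    if not any(k == SAFEBOOT or k.startswith(SAFEBOOT + "\\") for k in reg):
        found.append("SafeBoot key missing")
    if reg.get(SHOWALL, {}).get("checkedvalue") == 0:
        found.append("SHOWALL CheckedValue is 0")
    for svc in WATCHED:
        if reg.get(CCS + "\\services\\" + svc, {}).get("start") == 4:  # 4 = disabled
            found.append("service disabled: " + svc)
    for key in RUN_KEYS:
        for name, data in reg.get(key, {}).items():
            if isinstance(data, str) and RUNDLL.match(data):
                found.append("review Run entry: " + name)
    return found

# Constructed sample export, not taken from a real machine.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qzxv"="rundll32.exe \"C:\\Windows\\system32\\abcdxyz.dll\",kqwe"
"Updater"="C:\\Program Files\\Example\\updater.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004
'''
```

Exports written by regedit or `reg export` are UTF-16, so decode the file before passing its text to `triage`. Each finding is a lead for manual review rather than a verdict, since legitimate software can also register rundll32.exe under Run.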