5 Star Support Forums: Help w/Malware, Safe Mode & System Restore DOWN! - 5 Star Support Forums


Help w/Malware, Safe Mode & System Restore DOWN! Network PC was infected, now no programs run only Task Manager HELP

#1 User is offline   mexgeo86 

  • New User
  • Group: Members
  • Posts: 1
  • Joined: 11-February 09

Posted 11 February 2009 - 02:04 PM

I hope to make this brief but it's quite an issue I haven't been able to resolve.

1 of our network pcs got infected (user unknowingly activated online alert window (malware) that looked like a Windows alert for performing a scan of the system).

Things I've tried:
-Run AntiVirus with and without network connection, both failed (Program won't even run)
-Run online scanner for malware, failed since PC won't install the plugin from the site
-Run System Restore, failed since it won't work...I get to the last step where all I have to do is click 'Next' to go to the finish page but the 'Next' button won't work
-Ran PC in Safe mode and tried everything mentioned above, failed as well
-Ran a Disk Cleanup and deleted everything in Temporary Internet Files (Safe Mode)

Following day, started up the PC and now no Task Bar or icons on desktop, so I brought up Task Manager (Ctrl+Shift+Esc)
-Had it Run a new task: 'cmd' for Command Prompt.
-typed in 'explorer,' and got an error window "Windows could not find 'explorer'..."; also tried w/'explore.exe'

So currently, the only thing I can do is go off of Task Manager, which isn't much since I can't open 'My Documents' or 'My Computer Window'. Any program I try to open that is non-Windows/Microsoft doesn't execute (Antivirus).

I realize I should just reformat the whole PC, but the problem is that the recovery CD is nowhere to be found despite it being a couple years old. There's also the case of the PC holding several personal files (photos, documents, music) that I'd like to at least move to a shared network drive, but with Task Manager not letting me open a simple window it's difficult.

Any insight on this will be greatly appreciated. Thank you.

Other Replies To This Topic

#2 User is offline   1101doc 

  • Co-Administrator
  • Group: Co-Admin
  • Posts: 2,681
  • Joined: 23-November 06
  • Gender:Male
  • Location:Fort Wayne, Indiana (XP Pro SP3)

Posted 11 February 2009 - 02:29 PM

Hi mexgeo86 and welcome.

In severe cases like this I like to use the Avira Rescue System first:
http://www.free-av.com/en/products/12/avir...cue_system.html

Download and 'save' the file on a functioning computer. Load a blank generic CD into the tray and double click the 'saved' file. It will automatically create a bootable CD.

Boot the problem machine from the CD, and follow the on-screen instructions to scan and 'clean' the system. Don't forget to choose to search for rootkits.

ARS almost always allows a 'normal' boot, but, of course, it may not have found and removed everything. Therefore a full course of anti-malware treatment is called for.

At this point in most cases I would refer you to our malware section, but it rather sounds to me like yours is a commercial setting. You are welcome to use our anti-malware procedure: http://www.5starsupport.com/ipboard/index....p;f=18&id=3

As far as posting a HijackThis log goes, however, 5Star is a totally volunteer organization and our anti-malware specialists are already quite busy with home users' logs. We provide this service free of charge to individuals, and just don't feel that it is fair to require our helpers to assist in 'cleaning' commercial systems.

I hope you can understand.

After using the Avira Rescue System and following through with the anti-malware procedure, I would perform several on-line scans until they all came up negative:
http://housecall.trendmicro.com/
http://www.kaspersky.com/virusscanner
http://www.eset.com/onlinescan/cac4.php?page=details
http://support.f-secure.com/enu/home/ols.shtml
http://www.bitdefender.com/scan8/ie.html

Both Runscanner: http://www.runscanner.net/
and A-Squared HiJack Free: http://www.hijackfree.com/en/
can be of considerable assistance in that they both offer on-line analysis of a system with clear indications of those entries known to be malware related.

Please be aware that the Avira Rescue System file is updated daily.
For future use, download that day's file for the most up-to-date signatures.

Good luck, and let me know how things work out for you, OK?

Neurons that fire together, wire together.
Posted with Opera
Copyright © 2000-2010  5 Star Support All rights reserved.