Can't get safe-mode due to SMART virus...

[MTChair]

Sorry for yet another thread about the Smart virus but I can't even begin to attempt to remove it.... originally tried (hence coming to the forum) via http://malwaretips.com/blogs/remove-s-m-a-r-t-check-and-repair-virus/

Its 50/50 of being allowed to boot up in safe mode w/network.
If I'm lucky enough to get into safe mode sometimes Rkill won't work; even worse - I'm not able to install Malwarebytes. - I get "Access Denied" shortly after trying to run the install guide. (obviously smart virus is counteracting removal efforts).

I am able to boot normally w/o going to safe mode, albeit when its booted up, blank desktop, no icons, start menu black etc etc etc. but again, can't install anything to remove this virus.

Talk about a PITA virus! Anyone have suggestions to effectively get rid of this d@ng thing?!!?. Its an old lappy (XP) which is only really used for my file storage... which I'm now wanting to b/up my b/ups once I remove this d@mn virus...

Please help! TIA

 

[Jack]

Hello,

<>STEP 1 : While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode</>
1.Here are the direct download links for HitmanPro,
- http://dl.surfright.nl/HitmanPro36.exe (For 32bit) <<< This is your version!!
- http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
2.<>Hold down the left CTRL-key when you start HitmanPro</> and all non-essential processes are terminated, including this rogue malicious process
Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
3. Let HitmanPro scan and remove all the detected threats.

<>STEP 2: Download/Run Rkill and then run a scan with Malwarebytes.</>
1.Download any re-named version of Rkill (direct download links bellow):
http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
http://download.bleepingcomputer.com/grinler/rkill.scr
2.Next,please perform a scan with Malwarebytes as seen on the guide: http://malwaretips.com/blogs/remove-data-recoverys-m-a-r-t-hddrepair-and-check-virus/

<>STEP3 : Perform a system scan with Emsisoft Anti-Malware:</>
<ol type="1">
<li>Please download the latest official version of Emsisoft Emergency Kit : http://www.emsisoft.de/en/software/eek/ </li>
<li>After the download process will finish , you'll need to unpack EmsisoftEmergencyKit.zip
<img src="http://malwaretips.com/images/removalguide/ekk1.png" alt="[Image: ekk1.png]" border="0" /></li>
<li>Open the Emsisoft Emergency Kit Folder and double click EmergencyKitScanner.bat
<img src="http://malwaretips.com/images/removalguide/ekk2.png" alt="[Image: ekk2.png]" border="0" /></li>
<li>A pop-up will prompt you to update Emsisoft Emergency Kit , please click the "Yes" button.

<img src="http://malwaretips.com/images/removalguide/ekk3.png" alt="[Image: ekk3.png]" border="0" />


<img src="http://malwaretips.com/images/removalguide/ekk4.png" alt="[Image: ekk4.png]" border="0" /></li>
<li>After the Update process has completed , put the mouse cursor over the "Menu" tab on the left and click-on "Scan PC".

<img src="http://malwaretips.com/images/removalguide/ekk5.png" alt="[Image: ekk5.png]" border="0" /></li>
<li>Select "Smart scan" and click-on the below "SCAN" button.

<img src="http://malwaretips.com/images/removalguide/ekk6.png" alt="[Image: ekk6.png]" border="0" /></li>
<li>Emsisoft Emergency Kit will now start scanning your computer for malicious files as shown below.

<img src="http://malwaretips.com/images/removalguide/ekk7.png" alt="[Image: ekk7.png]" border="0" /></li>
<li>When the scan will be completed , you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected.Please note that the infections found may be different than what is shown in the image.
Make sure that everything is Checked (ticked) and click on the 'Quarantine selected objects' button.
<img src="http://malwaretips.com/images/removalguide/ekk8.png" alt="[Image: ekk8.png]" border="0" /></li>
<li>Emsisoft Emergency Kit will now start removing the malicious files.
If during the removal process Emsisoft will display a message stating that it needs to reboot, please allow this request.</li>
</ol>

Please post in your next reply:
HtimanPro log
rKIll Log
Malwarebytes log
Emsisoft log.

 

[MTChair]

Thanks Jack for the reply.
I haven't had a chance to try your recommendation as I've been busy since posting; I'm going to work at it over the weekend. I'll let you know either way of the results!

 

[MTChair]

New problem -

After Rkill has run, the desktop goes completely blank and I can't even get the taskbar...
Inorder for Malwarebytes to install, I had to put it elsewhere than the C:drive; (otherwise I'd get Access Denied message)
I've managed to run M'warebytes and HitmanPro and both don't detect any threats...

Any suggestions?!?
TIA

 

[Jack]

Can you please run an OTL scan..

Download and run OTL

1. Please download the OTL utility from here : http://oldtimer.geekstogo.com/OTL.exe
2. Right-click on OTL.exe and select Run as Administrator to start OTL.
3. Double click on OTL.exe to run it.
4. Under the Custom Scan box paste this in:
   
   

   %SYSTEMDRIVE%\*.exe
   %ALLUSERSPROFILE%\Application Data\*.exe
   %APPDATA%\*.
   /md5start
   atapi.sys
   explorer.exe
   winlogon.exe
   Userinit.exe
   svchost.exe
   csrss.exe
   PrintIsolationHost.exe
   consrv.dll
   /md5stop
   %systemroot%\*. /mp /s
   hklm\software\clients\startmenuinternet|command /rs
   %systemroot%\system32\*.dll /lockedfiles
   %systemroot%\Tasks\*.job /lockedfiles
   %systemroot%\system32\drivers\*.sys /lockedfiles
   CREATERESTOREPOINT

5. Click the Quick Scan button.The scan wont take long.
   
6. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
   Please post this 2 logs in your first reply.

<hr />