Hi Big Al,

Im having similar problems to vd233.
I am running XP Professional on my pc. When I encountered this problem and realised it was a virus, I disconnected from the internet. Every time I start up the pc it opens 2 explorer windows with the ip address http://195.189.227.147/.

When I start up it also seems to clone my desktop, so that some of the system files i try to open, open behind the the cloned desktop. You see them briefly when shutting down. e.g. Task manager or if I push windows key + R.....

I am working off my laptop at the moment, so not sure how to get the required info through to you!
Worried about connecting my pc to the internet.
Can I take a photo? (sorry if its a silly question)

for nemethste..

@ excalaber

You're not helping by copy/pasting, follow what BigAl said and nemethste if you wanna help out.

@ nemethste

I can't use the bootrec.exe because I thrown all my CDs a long time ago..

I tried the mbrfix.exe, but I always got this error:

C:\Windows\Temp>Mbrfix /drive 0 fixmbr
You are about to Fix MBR,
are you sure (Y/N)? y
Function failed. Error 5: Accesso negato.(Access Denied)

So I've gave Administrative privileges to the exe and run windows vista only with cmd, I've put the same code in but I'm not sure if I was suppose to receive a message that it was fixed or anything it just went back to the same line.

Example:

C:\Windows\Temp>Mbrfix /drive 0 fixmbr

You are about to Fix MBR,

are you sure (Y/N)? y

C:\Windows\Temp>

So I thought it was done... I've put the bootable USB back in.. scanned.. nothing found..

Problem persists.. at this point I don't think we can solve it anymore , just let me know if I close rundll32 and everything I find suspicious at the start and I don't get the cloned explorer can I work on it?

Thanks again for the help.

P.S. The gmer root still reboots my laptop..

@ vd233

I reposted because I have not had a response to my question!

@ excalaber / vd233

For your info....

Your postings will no doubt be monitored by the relevant AVG Team. This Announcement post http://forums.avg.com/ww-en/avg-forums?sec=thread&act=show&id=190509 now appears in the 'Information' forum area. Also please bear this in mind.. AVG support.. Weekends / Holidays.. Have a look @ the 1st part of this link http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=159703#post_159703 & the 2nd part of this link http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=188699#post_188699.

---

AVG Free Volunteer ModeratorAVG Free Forum member since - Nov. 27, 2004My total posts on the Old AVG Free Forum - 27,063
Alan

---

How-To Articles | FAQ | Free Support

Hello all,

@excalaber

Please refer to my previous post in this thread in order to resolve the issue.

Also please provide us with both Gmer scan results Msinfo output and AVG Anti-Virus scan results for further analysis.

@vd233

Please note that there is no other option than restoring MBR in offline mode. Even if you format your drive, rootkit will prevail in master boot record sector. You can borrow installation disc from friend or use some backup copy.

Thank you.
___________________AVG TeamHow-To articles | FAQ | Free SupportWe Protect Us