Windows Security Center can't be started because of virus/malware

shawn77,

See post #49

Crumble has the option to use any of these tools.

Sality has been around for quite a while, as I am sure you know, and any of these tools should be able to detect and remove Sality from the computer.

Thought we could not, but, I think we can...

Will need to modify the instructions to accomodate the CD.

Will do so as soon as I can.

That's OK, UsernameIssues.

Even if he runs WDO, we may need to do a final confirmation that there are no Rootkits, etc.

You know how it goes, when it comes to malware, no one program covers all.

Testing FRST out on my own computer. So far it worked, with modification to the former instructions.

Can't find the report it makes, though.

Will get it sorted out, and post as soon as possible.

Crumble,

No need for another computer, or for a USB flash drive!
Since the computer boots, let's run this program from the hard drive that contains your Operating System (normally C:\). Do not follow the previous instructions requiring a USB flash drive.

This was tested on my own computer, and it worked.

Please print these instructions, and read them once, so you have an idea of what you are doing.
Do follow them step by step.

Here we go...

Please download Farbar Recovery Scan Tool:
Farbar Recovery Scan Tool Download
Select the version that applies to your computer (32-bit or 64-bit)

Save FRST.exe to the Desktop

Right-click Start, and select: Open Windows Explorer
Look for drive C:\, or the drive that contains your Operating System (OS).

Now, go to the Desktop, right-click FRST.exe, and move it right into C:\

>>> Restart the computer.

As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
Use the arrow keys to select the Repair your Computer menu item.
Select your language settings, and click: Next
Select your User account and click: OK/Next (If you did not set a password, leave blank.)

On the System Recovery Options menu you get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt

Select: Command Prompt

In the Command Prompt window, at the bliking cursor type: notepad
(See note #1)
Press: Enter

In Notepad, under the File menu select: Open
Double-click: Computer (on the left side), find the drive letter that has the Operating System, and remember what letter it has.
(See note #2)

Click on the OS drive
In Files of Type, select: All files
Press: Open
Confirm that FRST.exe is there!

Now, click the Command Prompt window.

Type the following: ?:\frst.exe, and press: Enter
Note: Replace the ? with the drive letter that contains the OS.

The tool starts and prepares to run. Follow the prompts.
Click Yes to the disclaimer.

When the FRST console appears, press the Scan button.
Let it run.

Once the scan finishes, a prompt appears stating "...the log has been saved in the same location as FRST.exe"
Close this prompt, close FRST, and close everything else, except...
Go back to the Command Prompt.

Once again in the Command Prompt window, at the blinking cursor type: notepad
Press: Enter

In Notepad, under the File menu select: Open
Double-click Computer (on the left side), find the drive letter that has the Operating System, and remember what letter it is.
(See note #3)

Click on the OS drive.
In Files of Type, select: All files
Press: Open
Confirm that FRST.exe is there!

Click the Command Prompt window again

Type the following: ?:\frst.exe, and press: Enter
Note: Replace the ? with the drive letter that contains the OS!

The tool starts and prepares to run. Follow the prompts.
Click Yes to the disclaimer.

When the FRST console appears, press the Scan button.

Once the scan finishes, a prompt appears stating the log has been saved in the same location as FRST.exe
Close this prompt, close FRST, and close anything else that is open.

Back at System Recovery Options, press: ShutDown, or, Restart.

After the computer restarts, and you are back in Windows, right-click Start, and select:
Open Windows Explorer

Look for drive C:\, which is normally the drive that contains your Operating System (or whatever drive applies), and open it.

Look for a folder named: FRST
Inside the FRST folder, there are three other folders. One of them is named: Logs

Open the Logs folder to find the text document resulting from the scan.
It should look like: FRST_30-01-2013_16-50-52 (reflects date and time.)
(See note #4)

Please provide the FRST.txt in your reply.

Notes:
1. Make sure the NumLk key is not active. If it is, you are not able to type correctly at the Command Prompt. If NumLk is active, press the Fn key and then the NumLk to deactivate it.

2. Once in this special mode you booted into, the drive containing the Operating System (OS) may not be C:\ (or the particular drive that has your OS)
You need to examine the drives carefully, and determine which one is the correct drive.

3. When you run FRST a second time, the drive containing the Operating System (OS) may have changed again!!!
Once again you need to examine the drives carefully, and determine which one is the correct drive.

4. In the first run, the tool places a FRST folder in the OS drive.
In the second run, it places the log in the folder.