fake windows xp notifications keep popping up running scans saying they detect a malware/trojan threat. I've obviously got a virus, occassionally a little quote box will pop up from the icon saying "serious threat" etc. It's all fake. Anyways, it's disabled my avast antivirus, and I can't open it. So I can't run a scan to find out what kind of virus this is. Where should I start to figure this out?

3/26/2010 8:49:44 PM

I would try safe mood and then see if your AV will work

3/26/2010 9:00:05 PM

I did a system restore, it's gone

3/26/2010 9:17:37 PM

It's probably not gone. I would disable system restore and re-enable it. Then I would download, update and do a full scan with http://www.malwarebytes.org

3/26/2010 11:42:18 PM

It's tough for the running system to find and delete good virii. Best bet has always been to remove the drive, plug it into another system and run a full scan on it.

If this is not an option ^ is a good bet.

3/28/2010 8:36:42 PM

Anyone tried the AVG rescue CD yet?

http://lifehacker.com/5502999/avg-rescue-cd-cleans-your-infected-windows-pc

3/28/2010 8:53:07 PM

^^Is the only real option. I tried a couple ways to get rid of it on my friends PC, including a pirated ESET (but I should have known that wouldn't work)--but I didn't have the tools I did on my PC when I got it a while ago (like, whiiiiiiiile ago). Malwarebytes was the only thing that worked.

3/28/2010 11:29:45 PM

This fixes that in about 20 minutes (usually shorter)

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

direct download:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

3/29/2010 12:01:36 AM

Yeah ComboFix is pretty good. I usually use Malwarebytes first and if that doesn't work then go with ComboFix.

3/29/2010 10:37:34 AM

best thing to do for this is boot your windows from another OS and manually clean out recently modified junk files then boot your windows in safe mode with command prompt (no explorer) run combofix then malwarebytes....

also whenever you run malwarebytes update then disconnect from the internet cause a lot of times access to the internet is enough for pesky malware to regenerate

btw you've probably got a rootkit too so run lspfix

[Edited on April 1, 2010 at 9:04 PM. Reason : btw]

4/1/2010 9:03:44 PM