
windows 7 hidden admin account infected

mischa01 (New Member, joined Aug 28, 2010)
Somehow my Windows 7 hidden admin account got infected. I cannot open regedit, Task Manager or any virus program... in fact, most programs won't work, but my regular everyday account is fine; however, it has no admin privileges.

I know what the virus is... it's an xps viewer.exe virus. It's mostly annoying. Programs do open up for a split second before this stupid virus program closes them again and then lies and gives me a message that says, "Cannot open this program, the program is infected."

Please help me.

Thanks
 
Have you tried malwarebytes? :)
 
What about using your "regular everyday account"? Or, use a different PC and download malwarebytes to a USB drive.
 
Visit safe mode, log into the admin account. Download Malwarebytes (or transfer it from USB). Run Malwarebytes. Exit safe mode. Run an updated Malwarebytes on the admin account. Eat some pie ;D
 
Well, if you don't have admin rights then you probably can't delete this so-called "viewer.exe" if it lies in any system directory or if you are not the owner of such a file.
One good approach would be to download an Ubuntu Live CD, boot it up, access the hard disk where this file is and delete it, then restart the computer and boot into Windows.
If you know where this file is, try to delete it.
 
OK, let me try booting in safe mode and logging in and see what happens, if it lets me do anything. I tell you, the damn virus is so smart... damn!

Thanks guys... will keep you posted.
 
Sounds awful.

First I'd try ComboFix. You may need to save it to a jump drive, then rename it to something like "ohmanthissucks.exe" to trick the virus:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Additionally, you can try MBAM if you have it installed. If the virus killed the executable for MBAM, you'll need to download the executable with a name it won't recognize, then place it in the MBAM directory:
http://malwarebytes.org/mbam-download-exe-random.php

Then run MBAM. (More info about MBAM.)

There's another awesome anti-virus program for just this sort of "oh-shit" scenario, but I can't bloody remember what it's called... I'm looking for it now... And found it. It's called GMER and it's a sick rootkit scanner:
http://www.gmer.net/download.php
Just like ComboFix, this program has as much ability to do good as it does to do harm. Please, for the love of God, read up before you try to make changes.

The other option is to use a bootable OS like BartPE/Hiren's/Winternals to go in and delete as much of the virus as you can manually, then start up normally and run antivirus software (particularly ComboFix).
 
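The advice above (rename the scanner so the rogue does not recognise it, boot from clean media, clean up, then scan) treats the symptom. Before and after that cleanup, a practitioner would also want to see how the rogue manages to close every program that opens. The script below is an added example, not code from this thread, Malwarebytes or ComboFix. It is a read-only audit of the registry locations a rogue "antivirus" commonly hijacks for exactly that effect: Image File Execution Options "Debugger" values, the .exe file association, and the logon Run keys. That the malware in this thread used any of these mechanisms is an assumption; the thread never says how it worked, and a rogue that only kills processes by name will show nothing here. Run it from an elevated PowerShell prompt, for example in Safe Mode under the admin account as suggested above.

```powershell
# Added example (not from the thread): read-only audit of registry locations a rogue
# "antivirus" commonly hijacks to block or kill other programs. It reports only and
# changes nothing. Written for the PowerShell 2.0 that ships with Windows 7.

# ArrayList so that Add-Finding can append from inside the function without scope games.
$findings = New-Object System.Collections.ArrayList

function Add-Finding([string]$where, [string]$value) {
    [void]$findings.Add((New-Object PSObject -Property @{ Where = $where; Value = $value }))
}

# 1. Image File Execution Options. A "Debugger" value under a subkey named after an
#    EXE (taskmgr.exe, regedit.exe, mbam.exe, ...) makes Windows start that "debugger"
#    instead of the program, which is one way "the program closes itself" on launch.
#    Legitimate Debugger entries are rare; review anything listed.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { Add-Finding "IFEO\$($_.PSChildName) Debugger" $dbg }
}

# 2. The .exe file association. The stock open command is exactly "%1" %*.
#    A rogue AV replaces it with its own path so every EXE launch passes through the
#    rogue, which then decides whether the real program may run.
foreach ($key in 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command',
                 'HKCU:\Software\Classes\exefile\shell\open\command') {
    $cmd = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
    if ($cmd -and $cmd -ne '"%1" %*') { Add-Finding "$key (default)" $cmd }
}
# HKCU\Software\Classes\.exe does not exist on a clean system. If it does, its default
# value names a per-user ProgID that overrides the machine-wide "exefile" association.
$exeOverride = (Get-ItemProperty -Path 'HKCU:\Software\Classes\.exe' -ErrorAction SilentlyContinue).'(default)'
if ($exeOverride) { Add-Finding 'HKCU:\Software\Classes\.exe (default)' $exeOverride }

# 3. Logon autostarts, where the rogue relaunches itself after every reboot.
#    Everything here is listed, legitimate entries included; review by hand.
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
foreach ($run in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties |
            Where-Object { $providerProps -notcontains $_.Name } |
            ForEach-Object { Add-Finding "$run\$($_.Name)" $_.Value }
    }
}

if ($findings.Count -eq 0) {
    'Nothing found in the audited locations.'
} else {
    $findings | Format-Table -Property Where, Value -AutoSize -Wrap
}
```

Anything the audit lists still needs a human decision: a Debugger value pointing into a user profile or a temp directory, an exefile command that is not `"%1" %*`, or a Run entry for a file you do not recognise are the things to act on, with Remove-ItemProperty or by restoring the stock value, and only after you are sure, because the warning above about ComboFix and GMER doing harm as readily as good applies just as much to hand edits of these keys. Note that cleaning the registry is not a substitute for deleting the rogue's files and running a scanner; it only removes the hook that let it interfere with the scanner in the first place.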
Yayyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy... it worked!!! Malwarebytes rocks, baby!!!

I started in safe mode and was able to access the internet under the admin account, installed and ran Malwarebytes. It found 11 rogue viruses... not sure what that is, but it deleted them, and once I restarted and went back into the admin account I was able to get on the internet and run regedit and antivirus software, all of which I couldn't do before... so now I am running Malwarebytes again out of safe mode just to be extra sure...

Thanks so much guys... I'm leaving this thread up; it might be able to help someone else someday.

peace from the Bahamas!!!
 