Malware infection in XP. Can't see Taskbar. How to solve?

[arlab]

Greetings.

My Windows XP boots fine until the screen for the selection of the User account. When I select an account (doesn't matter which), the Taskbar/Desktop icons never appear.
But things seem to be working, though, as sometimes, some alerts from Panda Antivirus appear (but just advertisement. They don't reference any virus).

I can start the Windows Task Manager (via Ctrl+Alt+Delete) and I see that I have some malware processes running (e.g. 9129837.exe, xccef090131). I terminate them. I've also found that in the folder Windows/system32 there were some malware executables. I've also deleted them.

However, when I restart the computer, those malware processes/executables are created again.

I've also seen some messages saying that "msas2009.exe" and the application Utool has found some errors. These are also known malware.


Things I've tried: running Malwarebytes, but I can't install it. I go to Windows Task Bar -> File -> New Task (Run...) and try to run the setup for Malwarebytes, but nothing happens.
But, some executables I can run: I run the Command Prompt without any problems (via the same system).

I've also tried to terminate the explorer.exe process and re-running it. Still, no Taskbar appears.

Finally, I've run a full system scan with Panda Antivirus 2009... Nothing was found...

Anyone knows how I can remove this malware. Maybe by seeing the programs that are being run as Windows starts and eliminating some?

Help me, please.

NOTE: The same thing happens when I launch XP in Security Mode (by holding F8 at start-up).

[Marin85]

A few points to begin:
1. Are you able to install anything under these circumstances (perhaps in Safe Mode)? (this would be important to install some tools)
2. Check run -> msconfig -> startup. If you happen to find any malicious startup items (there should be some!), remove them.
3. Try to back up your data in case you have to reinstall...
4. Try to identify which files correspond to the malicious processes (-> right click on the process -> open file location), then terminate the process and shred the corresponding files. However, this may not go very straightforward as the system may not allow you to do this, so you will need some shredder utility that is independent of explorer (if you happen to have any already installed...). It´s possible that the malware recreates itself on reboot or on deletion attempt.

Marin

[Marin85]

BTW, if you manage to locate the source of the malicious process/malware, then you could use some Linux live-cd that works with NTFS (say Ubuntu 8.10) to delete those files manually. WIndows will run chkdsk on the next reboot, but that´s normal.

[GomJabbar]

You might want to go to a forum that specializes in this sort of thing. If you knew what you had, a solution might be found here.

Here is a thread at another forum with symptoms similar to yours.
http://www.hijackthis-forum.de/english- ... osted.html

[arlab]

Thanks GomJabbar. That forum was really helpful.

My computer was infected with Virus.Win32.Virut.ce.

[GomJabbar]

I am glad I pointed you in a useful direction.