Charles said:
Computer Club member's Dell laptop. The computer starts up with the
Privacy Center stating there are 140 infections and all sorts of other
problems.
One can't open the start menu (no Task bar), can't open Windows
Explorer, and so on. When starting in safe mode, I can shut Privacy
Center down using the Task Manager after the third attempt. The first
two times, it says that it can't shut it down... Still can't open
Windows Explorer or see the task bar.
I haven't the foggiest notion as to where to go now. Any suggestions
appreciated.

Another approach to malware is to boot an alternate OS disc and
scan from there. This is an example of such a disc.
http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/
You burn a CD with the download. Use a tool like Nero to convert
the ISO9660 download into a bootable CD. Don't just "copy" the file
to a CD. The ISO9660 needs to be converted with the burning utility.
Then, boot the affected computer with the new CD. The CD is a Linux system
and boots using available memory. Once started, it uses DHCP to connect to
Kaspersky using your Internet connection. As long as the networking
in your room is already set up, for computers using DHCP, the
Kaspersky CD should be able to contact Kaspersky and get virus
updates, downloading them into system memory on the infected computer.
I don't really know how good this particular tool is, and I'm
only presenting the *concept* of booting with something
other than the original Windows, as a recovery mechanism.
The Kaspersky CD quarantined the EICAR "test virus" I put on
my C drive, but I haven't tested what it does when real malware
is present.
*******
Connecting a hard drive to a second computer is another way of
working on that drive. I expect MBAM, suggested here, would work
best if used while you're booting the infected computer. I don't
know if it would work well on the drive if it is just connected
as a data drive.
http://www.bleepingcomputer.com/virus-removal/remove-privacy-center
You can see the list of Privacy Center files at the end of the article.
It looks like "agent.exe" is a key component of the rogue. So even
renaming the agent.exe file would be a start. But you likely have
so many other problems that concentrating on "agent.exe" at this
point would be a waste of time.
Paul
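
Added example, not part of the posts above: the reply's point that the ISO9660 download is a disc image rather than a file to copy can be checked before burning, by walking the image's volume descriptors and confirming it is intact ISO9660 with an El Torito boot record. The function names and the sample image are constructed for illustration; on a real download, pass the file's bytes to `inspect_iso`.

```python
import struct

SECTOR = 2048            # ISO9660 logical sector size
FIRST_DESCRIPTOR = 16    # volume descriptors start at sector 16
EL_TORITO_ID = b"EL TORITO SPECIFICATION"

def inspect_iso(data: bytes) -> dict:
    """Walk the volume descriptor set and report what kind of image this is."""
    info = {"iso9660": False, "bootable": False,
            "boot_catalog_lba": None, "volume_id": None}
    sector = FIRST_DESCRIPTOR
    while True:
        d = data[sector * SECTOR:(sector + 1) * SECTOR]
        # Truncated download or not an ISO at all: stop without guessing.
        if len(d) < SECTOR or d[1:6] != b"CD001":
            break
        vd_type = d[0]
        if vd_type == 1:        # primary volume descriptor
            info["iso9660"] = True
            info["volume_id"] = d[40:72].decode("ascii", "replace").strip()
        elif vd_type == 0 and d[7:39].rstrip(b"\x00") == EL_TORITO_ID:
            info["bootable"] = True   # boot record; catalog LBA at offset 71
            info["boot_catalog_lba"] = struct.unpack_from("<I", d, 71)[0]
        elif vd_type == 255:    # descriptor set terminator
            break
        sector += 1
    return info

def _descriptor(vd_type: int, body: bytes = b"") -> bytes:
    head = bytes([vd_type]) + b"CD001" + b"\x01"
    return (head + body).ljust(SECTOR, b"\x00")

def build_sample(bootable: bool) -> bytes:
    """Constructed minimal image: 16 blank sectors plus a descriptor set."""
    pvd_body = b"\x00" + b" " * 32 + b"RESCUE_SAMPLE".ljust(32)
    sectors = [_descriptor(1, pvd_body)]
    if bootable:
        boot_body = (EL_TORITO_ID.ljust(32, b"\x00") + bytes(32)
                     + struct.pack("<I", 20))
        sectors.append(_descriptor(0, boot_body))
    sectors.append(_descriptor(255))
    return bytes(FIRST_DESCRIPTOR * SECTOR) + b"".join(sectors)

if __name__ == "__main__":
    print("bootable image:", inspect_iso(build_sample(True)))
    print("data-only image:", inspect_iso(build_sample(False)))
    print("not an ISO:", inspect_iso(b"MZ" + bytes(4096)))
```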