It's got a very pesky bug...
Anyways, let me get started explaining the situation. Firstly, the bug will disable the Task Manager in a way that you can only access the "Applications" tab of the utility and nothing else. The bug also prevents explorer.exe from starting, and if it does manage to start, it only stays up a minute maximum before going offline again. Not a problem though, I can still browse the computer's folders through the Task Manager's browse feature to launch new processes.
Now this is the interesting part. When my neighbors first got the bug they installed PC Tools Spyware Doctor (Free Version) because they read it was the best. So, I used the utility to see if it could find the bug, or some of the bugs. Well, after the scan finished it found a Virtumonde entry that appeared to have listings of the bug I am encountering. Spy Doctor reported that Virtumonde was embedded into WinMgmt.exe and some other critical OS processes making it impossible to not boot the virus (Yup, even from safe mode) to get rid of it. UNFORTUNATELY it was the free version, and the utility would not remove the bug. Afterward we waited (was late that evening) and the next day I returned with a flash drive and a copy of VundoFix.exe. This utility will supposedly find and eliminate the Vundo virus (Virtumonde is a form of the Vundo Virus.)
When I launched the VundoFix.exe utility, it returned an error:
Run-time error '-2147023174 (80070706ba)';
System Error &H800706BA (-2147023174). The RPC server is unavailable.
Alright, no big deal, I'll just start the RPC server / service. *Cough* WRONG! Well, surprise surprise. The virus restructured itself. Now the services can no longer be accessed; instead this error is returned:
Unable to open service control manager database on .
Error 1307: This security ID may not be assigned as the owner of this object.
Well, I'm logged in as the administrator, so this is strange. Well, I carry on and attempt to run an online scan with NOD32 or the OneCare safety scan. Unfortunately, neither Firefox nor Internet Explorer manages to connect to websites. So I check the connections panel. Well, that doesn't load. So I decide to download the trial version of NOD32 and Ad-Aware 2008 to install onto the system. Well, I stick in the flash drive and, upon attempting to install the antivirus, another error is returned that the Windows Installer Service is offline and can't be reached. That's just great, since I can't access the services of the system to activate any of these crucial services. So obviously installing bug removal software is out of the question.
This virus just has me beat. I'm going to try one more thing, which is the last idea I have before giving up and suggesting a reformat. My question is in regards to this virus. Can anyone suggest something that will unlock the services and Internet so that I can launch the Windows Installer service and access the web to get the latest security definitions? Or does anyone else agree with me and think this is a lost cause?
A side note. Could the hard drive jumper setting have anything to do with this? I managed to forget which slot it was in when I took it out to set the hard drive as slave so that I could scan it on a different system (no, that other computer did not get infected). The reason I'm asking: when I set the jumper as primary, the Dell BIOS doesn't recognize the hard drive. However, when I pull the jumper out, set it as CS, or set it in a slot without a label, the BIOS picks it up and boots without a hitch. There's one jumper setting that I have not tried out yet. It's labeled PM2.
Anyways... Thanks in advance for any assistance. Been battling this sucker for quite some time now.
