
Is This A Virus?

Discussion in 'Malware Removal Help' started by wegg, Mar 17, 2011.

  1. wegg

    wegg

    Joined:
    Mar 17, 2011
    Messages:
    7
    Location:
    US
    Operating System:
    Windows Vista Enterprise
    Noticed a problem when I tried to play a video on firefox and it wouldn't play properly (no sound, video freezing). Tried to open internet explorer, and nothing happened (tried opening without add-ons, as well). Opened task manager, and my username is now listed as "(unknown)", and it won't let me show processes from all users. Computer says I am not authorized to restart, shut down, or open the control panel.

    A Spybot scan didn't find anything, but it wouldn't let me download any updates (clicked updates, nothing happened). When I try to open Malwarebytes (previously installed) I get this message: "the endpoint mapper database entry could not be created". I tried to download rkill, thinking maybe a virus was preventing Malwarebytes from opening, but when I download it (tried all variations, .com, .exe, .scr, etc.) it asks me to select a launch application to open the file with. The same thing happens when I try to install exehelper, and when I try to re-install Malwarebytes I get the "endpoint mapper" error. Firefox won't update to the newest version: it downloads, but then fails to install. I tried to install the new version of Firefox over top of the old one, but I get the endpoint mapper error, same as with MBAM.

    My OS is Vista.

    Any help would be hugely appreciated, and by way of warning: I am not all that computer literate, you may need to spell things out for me. Thank you.
     
  2. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
    Welcome to Computer Help Forums! :)

    The quick answer is that it does appear that you have been infected with something (Well probably not you, but your computer.) I would suggest that our malware removal experts are probably sleeping in the UK at the moment but will probably see this in the morning. Have a look at THIS POST it may get you started. But don't get too frustrated if some of it seems to be blocked by the very problem you are encountering.
     
  3. wegg

    wegg

    Joined:
    Mar 17, 2011
    Messages:
    7
    Location:
    US
    Operating System:
    Windows Vista Enterprise
    BeeCeeBee,

    Thanks for the heads up and the info. You're right, the suggestions in that post appear to be unavailable to me. I didn't try to install and run TFC, because that post says I should backup the system with ERUNT first and that one would not install (just like everything else, it asks me to select a launch program).

    I'll try to be patient and wait for the experts :)
     
  4. DSTM (Dougie)

    DSTM (Dougie) Registered Members

    Joined:
    May 3, 2009
    Messages:
    8,270
    Location:
    SYDNEY AUSTRALIA
    Operating System:
    Windows 7
    Hi Wegg, BeeCeeBee has given good advice in his suggestion to prepare for one of the resident malware experts to post. But one thing you could try now is to start your computer in safe mode with networking, and then see if you can run malwarebytes. (Don't forget to update it before the scan)
    Let us know how you get on.
     
  5. wegg

    wegg

    Joined:
    Mar 17, 2011
    Messages:
    7
    Location:
    US
    Operating System:
    Windows Vista Enterprise
    Thanks DSTM,

    Unfortunately, my computer won't let me restart it. It says "the system administrator has disabled some power states for this user" (note: I am the only user on this computer). Is there a way to bypass this?
     
  6. DSTM (Dougie)

    DSTM (Dougie) Registered Members

    Joined:
    May 3, 2009
    Messages:
    8,270
    Location:
    SYDNEY AUSTRALIA
    Operating System:
    Windows 7
    Sounds like you are not getting into safe mode.

    Tap F8 repeatedly on startup.

    Try and do a system restore from Safe Mode.

    May take a few tries to get it right.

    Then run Malwarebytes in Safe Mode.
     
  7. wegg

    wegg

    Joined:
    Mar 17, 2011
    Messages:
    7
    Location:
    US
    Operating System:
    Windows Vista Enterprise
    Alright, so I am now running malwarebytes in safe mode. I did not do a system restore because I didn't read your post until after I'd restarted. Oddly, when I hit the power button the computer went to the user sign-on screen rather than turning off, BUT there was no cursor on the screen and the user name was in the form of "MY USERNAME-PC my username". I didn't type anything in, at that point I turned off the power supply and that's how I got the computer to shut down finally so that I could restart.
     
  8. DSTM (Dougie)

    DSTM (Dougie) Registered Members

    Joined:
    May 3, 2009
    Messages:
    8,270
    Location:
    SYDNEY AUSTRALIA
    Operating System:
    Windows 7
    What Vista CDs have you?

    What is the make and model of your Computer?

    Is this what you are seeing in Safe Mode?

    Initially you use the keyboard Arrow keys to navigate, then press enter and wait a couple of minutes normally.

    TEST.png
     
  9. wegg

    wegg

    Joined:
    Mar 17, 2011
    Messages:
    7
    Location:
    US
    Operating System:
    Windows Vista Enterprise
    Yes, that's how it looked. I selected "safe mode with networking". Malwarebytes is still scanning right now, but it hasn't found anything yet.
     
  10. DSTM (Dougie)

    DSTM (Dougie) Registered Members

    Joined:
    May 3, 2009
    Messages:
    8,270
    Location:
    SYDNEY AUSTRALIA
    Operating System:
    Windows 7
    Let Malwarebytes finish.

    Often a System Restore in safe mode to a time before all this started will fix the "the system administrator has disabled some power states for this user" issue.
     
  11. wegg

    wegg

    Joined:
    Mar 17, 2011
    Messages:
    7
    Location:
    US
    Operating System:
    Windows Vista Enterprise
    Thank you for all your help so far DSTM. Malwarebytes identified "Rogue.AntivirusSuite.Gen" and "PUM.Bad.Proxy", and I had them deleted. Is there something that I should do next or should I just restart the computer normally?
     
  12. DSTM (Dougie)

    DSTM (Dougie) Registered Members

    Joined:
    May 3, 2009
    Messages:
    8,270
    Location:
    SYDNEY AUSTRALIA
    Operating System:
    Windows 7
    You are indeed infected and I would do nothing more at this stage.

    By deleted I presume these Viruses are Quarantined.

    Wait for our Malware expert (Starbuck) to advise you further.

    I have Emailed Starbuck on your behalf.
     
  13. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi wegg

    If you can't get in to normal mode, we'll have to try working with 'Safe mode with networking'.

    Download RogueKiller and save it to your desktop.
    • Close all the running processes
    • Double click RogueKiller icon to run the program
      Vista/Win7 users should right click the icon and select Run as Administrator.
    • When prompted, type 1 (SCAN) and then press Enter
    • A report will open, please copy and paste this report in your next reply.
    A copy of the RKreport.txt can be found on your desktop.

    Note:
    If RogueKiller is blocked, do not hesitate to try running it again.
    If it still fails to run, right click on the downloaded icon and select 'Rename', then rename it to winlogon and try again.
     
  14. wegg

    wegg

    Joined:
    Mar 17, 2011
    Messages:
    7
    Location:
    US
    Operating System:
    Windows Vista Enterprise
    Starbuck, after running Malwarebytes I've gotten into normal mode and things seem to be running smoothly again. I also did download Avast and ran a scan, which found nothing. Should I still download RogueKiller, or is that unnecessary? I also ran HijackThis and have logs that I can post, if that would help. A site moderator at a different help site (when this happened I posted everywhere I could think of, panicked a bit I suppose) also suggested that I download GMER, but it seems to have pretty negative reviews on CNET. Would you suggest I download this software?

    You guys have been a lot of help so far.
     
  15. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Wegg,

    Once you start receiving help from a site/forum, you should follow just one set of instructions.
    Following multiple suggestions only confuses things and doesn't help the person replying to you.

    RogueKiller specializes in searching for this type of program, so it may help in finding any leftovers on the system.

    Not really.
    Hjt is very outdated now and won't give us the info we need.

    Step 1
    Still run RogueKiller
    as per the previous instructions.


    Step 2
    • Download OTL to your desktop.
      Right click on the link and select 'Save Link/Target As'.

      if you have problems, try this download link:
      OTL
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check

    • Now copy the lines in bold below.

      netsvcs
      msconfig
      %SYSTEMDRIVE%\*.*
      %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      CREATERESTOREPOINT


    • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    • Click the Run Scan button.

    • Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


    In your next reply, please submit:
    RogueKiller report
    both reports from OTL.


    Thanks.
     
    Last edited by a moderator: Feb 4, 2014
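A read-only triage check, added here as an illustration and not part of the thread or of the RogueKiller/OTL tools it uses: it inspects three places that match the symptoms and findings above, the per-user Internet proxy settings (the kind of entry Malwarebytes reports as PUM.Bad.Proxy), the Explorer policy values that hide shutdown and block Control Panel (matching "not authorized to restart, shut down, or open the control panel"), and the WindowsUpdate\AU policy key from the OTL custom scan list. It only reports; it changes nothing. The specific policy value names checked (NoClose, NoControlPanel, NoAutoUpdate, AUOptions, UseWUServer) are standard Windows names, and the assumption that a rogue tool set them on this particular machine is mine, not the thread's.

```powershell
# Added example: read-only triage of proxy, Explorer policy and Windows Update
# policy settings. Run from an elevated PowerShell prompt; nothing is modified.

$findings = @()

function Add-Finding([string]$Location, [string]$Name, $Value, [string]$Note) {
    $script:findings += [pscustomobject]@{
        Location = $Location; Setting = $Name; Value = $Value; Note = $Note
    }
}

# 1. Per-user WinINET proxy settings (what PUM.Bad.Proxy points at). A proxy
#    forced on the user, often at 127.0.0.1 with an odd port, redirects the
#    browser through the rogue program. An autoconfig URL can do the same.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
if ($p -and $p.ProxyEnable -eq 1) {
    Add-Finding $inet 'ProxyEnable/ProxyServer' $p.ProxyServer `
        'Proxy is enabled for this user; confirm it is one you configured.'
}
if ($p -and $p.AutoConfigURL) {
    Add-Finding $inet 'AutoConfigURL' $p.AutoConfigURL `
        'Automatic proxy script is set; confirm the URL is expected.'
}

# 2. Explorer policy restrictions. NoClose removes Shut Down from the Start
#    menu; NoControlPanel blocks Control Panel. Both are legitimate admin
#    policies on managed machines but unexpected on a single-user home PC.
foreach ($hive in 'HKCU', 'HKLM') {
    $pol = "$($hive):\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $e = Get-ItemProperty -Path $pol -ErrorAction SilentlyContinue
    if (-not $e) { continue }
    foreach ($name in 'NoClose', 'NoControlPanel') {
        if ($e.$name -eq 1) {
            Add-Finding $pol $name $e.$name `
                'Restriction is active; on an unmanaged PC this is usually not wanted.'
        }
    }
}

# 3. Windows Update policy key from the OTL scan list. Values here can disable
#    automatic updates or point the machine at a non-Microsoft update server.
$au = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
if (Test-Path $au) {
    $a = Get-ItemProperty -Path $au
    foreach ($name in 'NoAutoUpdate', 'AUOptions', 'UseWUServer') {
        if ($null -ne $a.$name) {
            Add-Finding $au $name $a.$name `
                'Update policy is set; verify it matches your intent or your domain policy.'
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No proxy, Explorer policy or Windows Update policy findings.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

The script deliberately does not delete or reset anything: on a machine in the state described in this thread, the cleanup tools the helpers asked for produce logs that an analyst reads before deciding what to remove, and a triage script should feed that process rather than pre-empt it. Each reported line names the exact registry path, so a finding can be cross-checked against the OTL and RogueKiller output.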
