Virus that shuts down Spybot!
Original Message
Name: steveathome
Date: March 23, 2008 at 12:31:20 Pacific
Subject: Virus that shuts down Spybot!
OS: Windows XP
CPU/Ram: 256 MB
Comment: I have a virus that shuts down Spybot and AVG when I run them, unless I run both in Safe Mode. But in Safe Mode Spybot or AVG will not get rid of the virus that shuts them down. This started to happen on my PC around the time I got annoying junk spyware ads. Any suggestions? steve at home
Response Number 1
Name: trvlr
Date: March 23, 2008 at 12:43:13 Pacific
Reply: Perhaps: Boot up as normal; run an on-line freebie scan via these two (run both): http://housecall.trendmicro.com/uk http://www.ewido.net/en/onlinescan Another approach: boot up with a Linux variant on a CD - e.g. Knoppix or Ubuntu. Once up and running, go on-line and again scan the system as above; also perhaps run the built-in scanner that is with both Linux variants on a CD? Also disable system restore until you have cleaned out the system... Perhaps do that first and then try a standard reboot and see if you can run a scan etc? If it fails at any part of this approach... then use the on-line approaches as above? But leave system restore disabled until clean.
Response Number 3
Name: trvlr
Date: March 23, 2008 at 13:19:28 Pacific
Reply: Incidentally, if the pest is identified... note its name, details, etc; post here for others to be aware... And also do a trawl (google/yahoo etc.) for possible resolutions?
Response Number 5
Name: effient
Date: March 23, 2008 at 19:53:29 Pacific
Reply: (1) Go to GMER.net, (2) Download GMER, (3) Install it in SAFE MODE. (4) Run GMER in SAFE MODE and see if you have a ROOTKIT on your drive. (Note: GMER may install GMER.sys in your windows/system32 folder -- in order to erase the rootkit/virus) (5) Please POST your GMER log here. This happened to a Chinese friend of mine. Nothing stopped the rootkit from overtaking the kernel. Of course I ended up doing hard formatting and re-installing XP.
Response Number 6
Name: steveathome
Date: March 25, 2008 at 17:26:37 Pacific
Reply: It definitely looks like a SmitFraud Virus. But I have no idea how to "boot with DOS or Linux, then remove the files, then afterwards remove the registry keys" as per the suggestion from Wikipedia (above in Response #4). steve at home