virus message displays briefly before user login screen

Hi all

This error message pops up when booting the computer up but before the screen where the users can login.. I have taken a photo - but its not the clearest because it is only there for half a second.

I have run Superantispyware and Malwarebytes Antimalware, but neither have been able to get rid of this thing.

***NEW***  I just noticed there is a fake bluescreen that kicks up as the screensaver - it then gives the impression that it is rebooting.. but if you hit escape it simply goes back to the desktop.

Does anyone have any ideas on how to remove this infection?
Who is Participating?
rpggamergirlConnect With a Mentor Commented:
Can we look at the malwareBytes log please?

The "Warnig sign" is of Smitfraud, so use Smitfraudix, either Smitfraudfix or SDFix should take care of it, if problem persists then we'll use Combofix.
Download SmitfraudFix, and select Option 2. Clean (Safe mode recommended)

Please download ComboFix by sUBs:
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
beefstu123Author Commented:
Attached is the Hijackthis logfile of this system...
beefstu123Author Commented:
-UPDATE-  now after each restart i am getting the same warning as a background display picture. i have attached a screen shot if anyone needs it
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Or use SDFix, the bad files in the log is in SDFix database.

Download SDFix and save it to your desktop.(either one below)

Double click SDFix and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
*  Instead of Windows loading as normal, a menu with options should appear;
*  Select the first option, to run Windows in Safe Mode, then press "Enter".
*  Choose your usual account.
*  Open the extracted folder and double click "RunThis.bat" to start the script.
*  Type "Y" to begin the script.
*  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
*  Press any Key and it will restart the PC.
*  Your system will take longer that normal to restart as the fixtool will be running and removing files.
*  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
*  Finally open the SDFix folder on your desktop and attach the "Report.txt" back
beefstu123Author Commented:
thanks for your help rpggamergirl :)

ive attached the malwarebytes logs for you to see.

smitfraud went through with no troubles and im about to run combo fix

thanks again
beefstu123Author Commented:
here is the combofix log
beefstu123Author Commented:
thanks :)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.