I have a Windows XP desktop that appears to have LOTS of spyware infections. The machine has a bunch of erroneous entries in msconfig under the Startup tab; there were literally about 100 copies of the same file, which resided in the local user's temp files. I've tried unchecking them all, but it adds a few more upon reboot. The infection shows one of the malicious Anti-Virus Pro 2009 messages alerting you of infections. However, unlike most of these that I have seen, it tries to open this .exe file that is in msconfig about a hundred times, and within about a minute of booting to the desktop, Windows becomes unusable as too many windows end up open.
It also appears to have hijacked the browser, as trying to go to anti-virus/spyware websites ends up in a redirect to another site. I did manage to get Super-antispyware downloaded as well as MBAM. However, MBAM kept giving run-time errors when you tried to run it. Super Anti-Spyware ran and I did the quick scan, which found over 1000 threats, but even though it said it removed them all, the same thing happened upon reboot. I'm thinking of trying ComboFix next if I can get the machine stable enough.
The problem is, I cannot boot to safe mode. If I try from the F8 menu, it starts showing the files it's loading and then it just restarts the machine. It never makes it to the desktop. I've tried safe mode with networking and plain safe mode, same thing. This is what makes it difficult to run ComboFix or some type of software, as the machine just restarts itself in safe mode and normal mode has tons of infections.
The machine just became unstable over the weekend. On Friday, it was usable.
Sality and other nasties delete safeboot keys, so that's why an infected PC can't boot in safe mode.
Supposing your ComboFix is on your desktop, you can run this command:
Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.
"%userprofile%\desktop\com