I'm infected with yt8a.exe, need help!?

My dad recently got some kind of malware on his computer. The main virus name is a hidden executable named yt8a.exe and it's located in C:\Windows\system32\yt8a.exe. I noticed it in his startup when I ran msconfig. I tried to google it and EVERY TIME I clicked Enter it closed out Firefox. I can't delete this file at all. I've restarted in safe mode but it still tells me that another program is using it. I've tried searching through regedit for yt8a but nothing happens when I press search or F3. When I try searching from Windows for yt8a it just closes my search query. I tried to install several different anti-virus programs (AVG, Avast, Pandasomething) but it gives me an error, "Something bad happened with the application." Even worse, after I went to folder options to show extensions on known file types, it changed my setting so that I can no longer view hidden files or folders. Every time I click the option and click Apply or OK nothing happens and when I open up the Folder Options window it's reverted back to hide hidden files. I've even tried going through the registry HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\EXPLORER\ADVANCED\HIDDEN (this is off the top of my head) and changed the value manually to 1 but then when I close regedit and open it up again it's changed back.

It gets worse, so much worse. Last week after charging my mp3 player on his computer I realized a lot of my music had been corrupted on my mp3 player. This was before I knew he had a virus/malware, and later I was charging it on my new computer (built it about 2 months ago). So while I was trying to fix this yt8a problem, I plugged in my mp3 player on my laptop, it asked me what I wanted to do, run yt8a.exe, open folder to view files, etc... That's when I realized that my mp3 player was infected. I tried plugging in a removable USB drive on my dad's infected computer and it immediately made a copy of the yt8a.exe and also a nifty Auto.inf that I assume tries to make it run automatically. Luckily I was able to delete it off my flash drive. Not so much for my dad's computer. He has his HD partitioned into 2 separate partitions, C: and D:, and now they both have a copy of the yt8a.exe and auto.inf (C:/yt8a.exe). These I can delete but they immediately come back like magic. Even after shift-deleting nothing helps.

Anyways I told my dad he should reformat because at this point I kind of gave up. When I got back home I was antsy because I knew I had charged and put music on my computer from my mp3 player recently and I was really hoping that I hadn't gotten infected. I lost. Now I have the virus and I'm kind of pissed. This computer's pretty new and I haven't installed anything suspicious. I keep my computer clean and I'm VERY VERY VERY cautious about what I install (pretty much bare essentials, vlc, firefox, foobar, etc) and I surf the web pretty safely (Noscript destroys most java attacks and such) so I'm pretty pissed that somehow I end up with this.

Anyways, sorry that was such a long explanation. I ran through the guidelines for your malware thing and I have two of the logs included for MBAM and SUPERAntiSpyware. It won't let me install HijackThis however, even if I change the name to sniper.exe or I tried asdasdasd.exe. Nothing happens when I double click the file. I'm at a loss guys, PLEASE PLEASE PLEASE tell me you can help me because I am stumped. I already had to reformat once (I've had this computer 2 months) because my nephew downloaded some virus two days after I installed Windows. I don't really mind reformatting but I've made so many configurations and tweaks that I don't want to have to redo everything...AGAIN. PLEASE tell me someone can help me.

[attachment deleted by admin]

The problem with that is that even when I am in safe mode I am still under attack! So even if I made a system restore checkpoint then it's still gonna load up with the virus on.

Roosterfor - Welcome to the CH forums.

You should have posted on the 'Computer viruses and spyware' forum where the removal gurus patrol. Please now wait until one of the CH authorised malware removal specialists/moderator picks up your post and probably moves it to there. CH does not appreciate anyone other than a CH authorised removal specialist dishing out advice on malware removal.

Good luck

Oh, my bad. I didn't even realize. Anyways, apologies in advance to any admins or moderators that read this.


