Security responses available when anti-vrials do not work?

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > Am I infected? What do I do?

When posting your problem, do not run and post a ComboFix logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

Security responses available when anti-vrials do not work?

Options

DnDer View Member Profile	Oct 29 2008, 12:10 PM Post #1
Forum Regular Group: Members Posts: 291 Joined: 25-October 08 Member No.: 249,836	Currently trying to diagnose and repair an HP Pavillion (running XP Home, SP2) for a coworker. Computer came in with complaints of being slow and unable to boot. I could not replicate the inability to boot - I was prompted to boot from last known good configuration, which I did. Before anti-virals were put into place, browser hijack attempts have been confirmed. Multiple IE toolbars (that are not google) indicate the potential for a dearth of spyware. Processor often runs at 100% and the page file is obscenely large. I disabled Windows Defender, as that was regularly causing 80-90% of my process usage, to little effect. I cleared all internet activity (cookies, history, etc) followed by defragment and scandisk, which reported nothing out of the ordinary. Processor usage still runs between 70-100% on a continuing basis. After that, I downloaded and installed my three most common and rapidly-deployed solutions: AVG, Ad-Aware and Spybot. I usually post HiJack This logs to forums after initial cleanings. Ad-Aware locked up and went into "not responding" halfway through a full scan, and 77 items recorded as infected. Spybot won't update, from any of the server - it downloads hald the updates before entering a "not responding" state. AVG, despite having a "scan running" icon in the taskbar is not shown as a running process. Booting into safe mode gives me the opportunity to run AVG's command line scanner (which I'm doing right now), but Spybot isn't even available - I just can't find it. Ad-Aware gives me an error screen and will not run. Even safe mode doesn't seem to be working. The computer is obviously infected. I have been unable to use my standard tools to correct the problems. What are my options now, to properly escalate my response and clean out this computer? *Wiping the HDD is not* an option.** The user has neither restore discs nor drivers available for that. I'm stuck doing it the long, hard way. I've got to be honest: I'm stumped. What does one do, when you can't get your anti-virals up and running properly?

Replies (1 - 3)

xblindx View Member Profile	Oct 29 2008, 03:02 PM Post #2
Forum Addict Group: Members Posts: 1,430 Joined: 21-September 08 From: NeverLand Member No.: 240,362	Hi DnDer and welcome to the forums! =) Please download Malwarebytes Anti-malware Please download Malwarebytes Anti-Malware and save it to your desktop. Make sure you are connected to the Internet. Double-click on mbam-setup.exe to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware Then click Finish. MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. On the Scanner tab: Make sure the "Perform Quick Scan" option is selected. Then click on the Scan button. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process. Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found. Make sure that *everything is checked, and click Remove Selected. When removal is completed, a log report will open in Notepad. The log is automatically saved and can be viewed by clicking the Logs* tab in MBAM. Copy and paste the contents of that report in your next reply and exit MBAM. Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes. Please post back with: - MBAM log This post has been edited by xblindx: Oct 29 2008, 03:02 PM -------------------- Please help people in need for free by visiting Free Rice Increase the security of your computer by using SpywareBlaster Please use the button to post a reply. Do not use the button

DnDer View Member Profile	Oct 29 2008, 03:10 PM Post #3
Forum Regular Group: Members Posts: 291 Joined: 25-October 08 Member No.: 249,836	Originally, I posted my problem over at Windows BBS. As of right now, I'll wait for their log check to come back, correct it, and then run mbam.

xblindx View Member Profile	Oct 29 2008, 03:13 PM Post #4
Forum Addict Group: Members Posts: 1,430 Joined: 21-September 08 From: NeverLand Member No.: 240,362	That is fine. I will be here when you return (not in a creepy way ) Since I am not trained in analyzing HJT logs, I can't do much more than wait anyways, ahh, this will be boring. Lets entertain myself with a funny smiley This post has been edited by xblindx: Oct 29 2008, 03:14 PM -------------------- Please help people in need for free by visiting Free Rice Increase the security of your computer by using SpywareBlaster Please use the button to post a reply. Do not use the button

« Next Oldest · Am I infected? What do I do? · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Switch to: Standard · Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 21st November 2009 - 03:10 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides