Some Tenacious Malware Blocking Install Of Malware-removers


6 replies to this topic

#1 Emfuser

Posted 27 June 2008 - 09:48 PM

Greetings,

I am repairing the computer of a neighbor and have encountered a pretty nasty infection.

Although I am able to install and run CCleaner, AdAware2008, a-squared, and SpyBlaster, I am blocked from installing everything else I've been able to think of to combat malware.

The following install programs do not execute:
- Malwarebytes
- Spybot Search & Destroy
- ComboFix
- SDFix

Firefox will install, but will not run. Opera won't even download via the corrupted IE. None of this changes in safe mode.

In IE itself, all links out of search engines clicked are redirected. If you manually input an address, it fails to connect.

When I ran AdAware and a-squared, they turned up trojans, CWS, Zango, some redirect stuff, etc. (I can't remember it all) and did some removal of those. However, no matter how many registry entries I trim out via HijackThis, I still haven't found what's up. CWShredder comes up clean.

This is a new one for me. Maybe a rootkit?

I plan on returning to their home (one house away) and finishing this off tomorrow. I'd like to get an opinion of what I might be facing.

Thanks,
--E--

#2 Emfuser

Posted 28 June 2008 - 09:35 AM

Ok... can ANYONE point me to ANY resource about what sorts of programs might actually be blocking install of my repair programs on the machine in question?

#3 boopme

Posted 28 June 2008 - 10:31 AM

Try renaming the Malwarebytes folder on the desktop to, say, Soup. See if it runs, then post a log.

#4 Emfuser

Posted 28 June 2008 - 11:01 AM

Try renaming the Malwarebytes folder on the desktop to, say, Soup. See if it runs, then post a log.


I'm not sure I understand.

I have tried to run the installer from a thumb drive and also from a copy of that file placed onto the desktop. There aren't any installed files or folders created. The installer never runs.

Could you please clarify?

Edited by Emfuser, 28 June 2008 - 11:02 AM.


#5 DaChew

Posted 28 June 2008 - 11:18 AM

If this is an XP computer that's infected

http://www.bleepingcomputer.com/forums/ind...#entry798468

Use this guide to immunize a flash drive and the healthy computer

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/

Print these directions for SDFix, download and install SDFix on the healthy computer, and copy the SDFix folder from the C drive of the healthy computer to the USB drive.

http://www.bleepingcomputer.com/forums/ind...mp;#entry845007

In posts 11 and 12, you might also add these files to your arsenal.

Copy the SDFix folder to your C drive on the infected computer, run it according to directions, and post the log.

Edited by DaChew, 28 June 2008 - 11:20 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#6 Emfuser

Posted 28 June 2008 - 02:36 PM

I finally got through enough mess to get Kaspersky to install, which found and fixed the problem. A number of system .dll and .sys files in the System32 folder had been infected, and were deleted or cleaned up. Further scanning revealed a DNSchanger win32 trojan that had hijacked the internet connection.

With that fix, I was able to install and run Spybot S&D, which found SmitFraud and a few other bits of malware. I did a cleanup, did an immunization, did another run with SpyBlaster, and did all of the Kaspersky scans except the deep one, which I left running (will be 4-6 hours).

I have never seen anything that nasty and persistent.

Thanks for the advice. :thumbsup:
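
A defender-side check for the DNS hijack reported in the post above, as an added example that is not part of the thread: it parses saved `ipconfig /all` output and lists any configured DNS server outside an expected set. The sample output, the addresses (documentation and private ranges) and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output; not taken from the thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            192.168.1.1
        Lease Obtained. . . . . . . . . . : Saturday, June 28, 2008

Ethernet adapter Wireless Network Connection:

        DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# "Key . . . . : value" lines; the key cannot contain the first colon.
FIELD = re.compile(r"^\s+([^:]+?)[\s.]*:\s*(.*)$")

def _as_ip(text):
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None  # blank line or some other field, not an address

def dns_servers_by_adapter(ipconfig_text):
    """Map adapter name -> list of configured DNS server addresses."""
    adapters, current, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip().rstrip(":"), False
            adapters[current] = []
            continue
        if in_dns and (ip := _as_ip(line)) is not None:
            adapters[current].append(ip)  # continuation line: extra resolver
            continue
        in_dns = False
        m = FIELD.match(line)
        if m and current and m.group(1) == "DNS Servers":
            in_dns = True
            if (ip := _as_ip(m.group(2))) is not None:
                adapters[current].append(ip)
    return adapters

def unexpected_resolvers(ipconfig_text, expected):
    """Return (adapter, address) pairs whose resolver is not expected."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    found = dns_servers_by_adapter(ipconfig_text)
    return [(n, str(ip)) for n, ips in found.items() for ip in ips if ip not in allowed]
```
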

#7 DaChew

Posted 28 June 2008 - 02:46 PM

If the Kasp scan is only a detection, not a removal tool, then I would run MBAM as soon as possible; these nasty infections reload after you have removed parts of them.

http://www.bleepingcomputer.com/forums/ind...mp;#entry811062
Chewy
