
Security responses available when anti-virals do not work?


3 replies to this topic

#1 DnDer

DnDer

  • Members
  • 646 posts

Posted 29 October 2008 - 12:10 PM

Currently trying to diagnose and repair an HP Pavilion (running XP Home, SP2) for a coworker. Computer came in with complaints of being slow and unable to boot. I could not replicate the inability to boot - I was prompted to boot from last known good configuration, which I did.

Before anti-virals were put into place, browser hijack attempts have been confirmed. Multiple IE toolbars (that are not google) indicate the potential for a dearth of spyware. Processor often runs at 100% and the page file is obscenely large. I disabled Windows Defender, as that was regularly causing 80-90% of my process usage, to little effect.

I cleared all internet activity (cookies, history, etc) followed by defragment and scandisk, which reported nothing out of the ordinary. Processor usage still runs between 70-100% on a continuing basis.

After that, I downloaded and installed my three most common and rapidly-deployed solutions: AVG, Ad-Aware and Spybot. I usually post HiJack This logs to forums after initial cleanings.

Ad-Aware locked up and went into "not responding" halfway through a full scan, with 77 items recorded as infected. Spybot won't update from any of the servers - it downloads half the updates before entering a "not responding" state. AVG, despite having a "scan running" icon in the taskbar, is not shown as a running process.

Booting into safe mode gives me the opportunity to run AVG's command line scanner (which I'm doing right now), but Spybot isn't even available - I just can't find it. Ad-Aware gives me an error screen and will not run. Even safe mode doesn't seem to be working.

The computer is obviously infected. I have been unable to use my standard tools to correct the problems. What are my options now, to properly escalate my response and clean out this computer?

Wiping the HDD is not an option. The user has neither restore discs nor drivers available for that. I'm stuck doing it the long, hard way.

I've got to be honest: I'm stumped. What does one do, when you can't get your anti-virals up and running properly?


#2 xblindx

xblindx

  • Banned
  • 1,923 posts

Posted 29 October 2008 - 03:02 PM

Hi DnDer and welcome to the forums! =)

Please download Malwarebytes Anti-malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Please post back with:
- MBAM log

Edited by xblindx, 29 October 2008 - 03:02 PM.


#3 DnDer

DnDer
  • Topic Starter

  • Members
  • 646 posts

Posted 29 October 2008 - 03:10 PM

Originally, I posted my problem over at Windows BBS.

As of right now, I'll wait for their log check to come back, correct it, and then run mbam.

#4 xblindx

xblindx

  • Banned
  • 1,923 posts

Posted 29 October 2008 - 03:13 PM

That is fine. I will be here when you return (not in a creepy way :flowers:)

Since I am not trained in analyzing HJT logs, I can't do much more than wait anyways, ahh, this will be boring. Let's entertain myself with a funny smiley :thumbsup:

Edited by xblindx, 29 October 2008 - 03:14 PM.
