
Antivirus 2009 Infection -- All Avenues Exhausted

3 replies to this topic

#1 Giggsteve8


  • Members
  • 38 posts

Posted 22 December 2008 - 02:39 AM


This is my first post, and I'm desperate. I'll be as concise as possible.

A friend's laptop is infected with Antivirus 2009, and most likely many other things. Her computer is running Windows XP 5.1, Build 2600.

I have attempted to use Malwarebytes, Combofix, SDfix, SmitFraudFix, SuperAntiSpyware, HiJackThis, and DrWeb. My problem is that I cannot get anything to run.

SuperAntiSpyware: Got it installed, receive a "...has encountered a problem and needs to close." message. I receive this in normal, as well as safe mode.

ComboFix: Just attempts to load, then nothing. No error, in safe and normal mode.

Malwarebytes: Attempts to load, then nothing. No error, in safe and normal mode.

SDFix: Attempts to load, then nothing. No error, in safe and normal mode.

SmitFraudFix: Attempts to load, then nothing. No error, in safe and normal mode.

I have renamed the executable file names, checked environmental variables and the cmd.exe seems to be working fine. I deleted the temp files, and have just come to a dead end. I have searched Google endlessly for a solution, to no avail.

I have never had to reformat a computer before, and I hope that with your help, I can get to the bottom of this. I'm very excited to see what your collective minds can come up with.

Thank you in advance.



#2 Guest_superbird_*


  • Guests

Posted 22 December 2008 - 04:27 AM


Welcome here. :thumbsup:

Please use the Internet Explorer browser (or Firefox with IETab), and do an online scan with Kaspersky Online Scanner.

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes when prompted to install its ActiveX component.
(Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

#3 Giggsteve8

  • Topic Starter

  • Members
  • 38 posts

Posted 22 December 2008 - 12:54 PM


Thank you so much for taking the time to look at my topic.

Unfortunately, I resolved this issue right before I checked this post.

I found that I was able to download Combofix.exe and rename it as Combo-Fix.exe before downloading. I put this on a flash drive and it was able to run on the infected machine.

It found a VERY nasty rootkit.

That took care of most of it; after a reboot it finished scanning, and I cleaned up with Malwarebytes, HiJackThis, and Ad-Aware. Also, I have installed Firefox 3.0 on her computer ;)

Thank you so much for taking time to assist me, and I apologize for wasting that time.

Thanks again!

#4 Guest_superbird_*


  • Guests

Posted 22 December 2008 - 12:56 PM

You're welcome, and we're here to help you, so don't apologize for the time you took. :thumbsup:

Happy surfing again. :flowers:
