Problem with AV hang, dds.scr not running, Search redirect

I am having issues with Anti Virus tools hanging, search redirection and I can't get cmd to run. Trying to get ddr.scr to run results in a quick flash of what looks like the command prompt but then it goes away. I am currently offline with that machine due to the issues it was having, I download the dds.scr to USB stick and put in on the desktop that way.

Originally I am pretty sure I had the conficker issue as I could not update windows, then I tried to update and run the anti-virus software. That didn't work either. On the Microsoft website was a description of how to manually do the update, which required editing the registry. I did that and identified kmsvc.dll as a potential culprit. Removing that allowed me to get to update one time, however on restart, I could not again. I did run SuperAntispyware and MBAM with neither showing a problem, but the issues with redirection on searches persisted. It was taking some 6 hours or so for the scans so I have since uninstalled some of my larger programs, and reinstalled SuperAntispyware and MBAM from a clean computer when I downloaded dds.scr. I was trying to generate the two dds.scr logs to send one along, but as stated above that did not work.

So at this point I am very concerned with what is going on, and how much of my personal information could be compromised by these events. Please let me know which tools you would like me to run and what additional information could make your job easier. And BTW: Thank you in advance

Machine Dell XPS 600, Pentium D
Windows XP, SP3, Build 2600
2GB RAM, 250GB HD

On the machine are the following tools downloaded to a clean laptop and transferred to the machine via USB stick.
Superantispyware
Malwarebytes antimalware
Spybot SD
Ad Aware
Spyware Blaster
HJT
OTListIT2
ATF-Cleaner


I haven't run all of these yet, but I have been collecting as I have been reading others' posts so they are available.

Hi,

Do you have MBAM installed on the good computer? This because it targets and removes this pest, but since you can't update it, you need to transfer the update file from the good to the infected computer.
So, update mbam first on the good computer - make sure it's version 1.35 and database version 1937 (or higher). Then navigate to the C:\Documents and settings\All Users\application data\MalwareBytes\Malwarebytes' Anti-Malware - folder and in there you'll find the file rules.ref
In case you're using Vista, the file will be present in C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware
Transfer that file via usb to the infected computer and let it overwrite the existing rules.ref (make sure your mbam is closed when you do that)

Then run MBAM on the infected computer, let it reboot (IMPORTANT) and post the log in your next reply.

So on reboot, it just continually reboots. That is new behaviour, I tried safe mode with no luck.

Can you post the malwarebytes log please?
Also a hijackThislog?

Looks like it's more aggressive then we thought. We can't reproduce this here with the same infection, so can you test something please?
From the F8 menu, can you select "disable automatic restart on system failure" - then let me know what exact errors you see.
This should tell us what this piece of malware exactly does at reboot when scanners are trying to delete it.
To get back into Windows, use the "last known good" option afterwards. Then post the mbam log and a HijackThislog.

Edited by miekiemoes, 03 April 2009 - 07:39 PM.

I haven't been able to get back into the computer. I have booted off the install disk, gone to the repair screen. The C: is not available and chkdsk gives me the following error " The volume appears to contain one or more unrecoverable problems"


Any ideas?

Hi,

This looks like something was actually already damaged before though. This error may be caused by a corrupt file system or bad ram. Could also because your MBR got corrupted.
Please read here: http://support.microsoft.com/kb/314503
I don't know what else you've tried on the computer already besides running those extra scans, but if your ram was already faulty and you've used a lot of things in between that puts extra stress on the cpu, it may indeed give that as a result.

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.