Posted 09 June 2009 - 08:41 PM
I've been working on a computer for 2 days now and am at a loss as to what has infected this thing.
I started off trying the normal utilities, Malwarebytes, SuperAntiSpyware, and Combofix. But I was met with some resistance. None of these would install. Watching the processes as I tried running the installers, I would see them start, hit 99% CPU and then die off. I'm not sure where I read it, but I renamed the MBAM-Setup.exe to mbamsetup.exe and was able to get malwarebytes to install. Unfortunately, all attempts at updating malwarebytes have failed. It continuously says to check the internet connection.
Now, I know it's connected to the internet and actively sending copious amounts of spam mail as my Endian Firewall was catching all of it and rejecting it back. 22,000 e-mails in 10 minutes.
I then booted with UBCD4WIN and loaded up SuperAntiSpyware from within it and got it up to date and scanned. I found multiple instances of Vundo and RogueScan. I removed all of them and once again rebooted to normal Windows XP Home. Again I was unable to install or run ANY anti-spyware/malware software. Again I watched the process list and they would start, hit 99% CPU and die. I was able to kill off and delete "wscsvc32.exe" and stop it from popping the annoying multiple "you're infected" messages.
I tried running combofix as I have multiple times on multiple other machines and again, the process would start, hit 99% and die. I renamed combofix.exe to combo-fix.exe and it would now open and start running. I could see multiple parts of combofix running in the processes list and was finally met with a small box in the middle of the desktop with a "question mark balloon" and an "OK" button.
No matter what I do, I can not get combofix to run properly on this machine let alone any other removal products.
As I'm at a loss as the title states, I'm asking....
Has anyone run into this before???
"Admire those who attempt great things, even though they fail."