
Completely unsure of what I'm dealing with


  • This topic is locked
2 replies to this topic

#1 Benjamin Uzelac


Posted 21 June 2009 - 07:10 AM

Hi,

Recently (specifically Monday the 15th), a friend of mine downloaded McAfee from a torrent and managed to completely screw things over. (Oh the irony of downloading AV from a torrent and getting a virus from it...)

When the computer came into my possession (Wednesday), the computer BSoD'd when you booted it normally, but sort of worked in safe mode. What I mean is that it would boot, but then Windows Explorer would crash and I'd have to manually restart it from Task Manager.

I disabled anything McAfee-related in services.msc, and unchecked all of the startup items McAfee-related in msconfig. Then I proceeded to remove McAfee using their uninstaller. Thinking all was said and done, I restarted the computer. It booted normally - sweet. The only "visible" problem though is that any website AV-related, Windows Update, even this website, all redirect to a random ad, hence making it impossible to view anything.

I immediately checked the hosts file, but it was blank, leaving me to believe that the issue is much bigger than I thought.

I downloaded AVG, but it errored out every time I tried to install it. Then I installed avast; it ran fine, and removed some viruses. Then I removed it and installed and ran CCleaner. Still not fixed.

I tried to run DDS, but whenever I try, it says that the file isn't a valid Win32 application. I'm attempting to run it on Vista Home Premium with SP1.

I tried RSIT, and it ran. However, since I can't access this website from the infected computer, I'm having to copy everything onto my USB drive and move it to a different computer. The log is attached.

Any help with this is greatly appreciated.


#2 Benjamin Uzelac


Posted 24 June 2009 - 08:20 PM

I managed to solve this myself just a couple of hours ago. I'm replying so that anyone searching the forums might find this topic and save themselves a week of worthless attempts to fix the problem.

I ended up having a variant of MSIVX.

The solution is to use ComboFix (as is usually the case); however, in the event that you can't get the program to run, rename it to something like "familypictures.exe" and then run it. This variant of MSIVX runs an app snooper and will block common AV applications. After ComboFix runs, you'll be back to "normal"; however, you should then install Malwarebytes, run Windows Update, etc.

#3 Pandy


Posted 26 June 2009 - 08:54 AM

Always remembering that it can be risky to run ComboFix unguided by an expert. Glad you got your issue solved though, Benjamin Uzelac. I will close this topic for now. If you need it reopened, just PM any Moderator with a link to this topic and ask for it to be opened again.
