Posted 28 August 2009 - 07:29 PM
I have attempted repeatedly to run HIJack this and even renaming HJT. HJT runs, and then quickly closes and does give me a log file. I've tried in safe mode under different usernames who are all administrators, and no go.
I had malwarebytes on teh computer as well as superantispyware adn everytime I would click on them, it would error out "Windows cannot access the specified, device, path or file. You may not have the appropriate permissions to access the item.". When I tried to launch the Norton Corporate AV, it gave the same error. I tried to launch Norton from the Symantec System Center and it couldn't communicate with the computer (not in safe mode of course).
I was able to partially run superantispyware by taking ownership of the directory as administrator and reapplying permissions to all files in the folder (in safe mode).
When superantispyware ran it found
trojan.agent/gen.backdoor [Fake Alert]
It ran for about 15 minutes then closed. I then had to reapply permissions to the executeable and folders again, adn this time I ran a quick scan, and was able to remove them that way. I rebooted the computer and tried a full scan again. After about 30 minutes it quit again.
I tried running smitfraudfix, but it started to run, the windows task bar disappeared and teh computer never came up with any prompts. The hard drive light just kept blinking.
Watching taskmanager I found braviax.exe running in the tasks. I end tasked it and went into the registry and manually removed it. I opened up a cmd prompt and deleted it through there.
Upon reboot I am now getting a different file and still cannot run hJT, or any other program with any success. Under tasks I see koed37czcd.exe and fsfeedssync.exe which seem strange in the tasks. At one point policy.exe popped up as well in the tasks and disappeared quickly.