
Malware with Google redirects, .exe corrupter


  • This topic is locked
1 reply to this topic

#1 wbguide


Posted 03 September 2009 - 03:03 PM

I'm fixing an XP Media Center Edition SP3 computer for a family member, so I don't know the origin of the problems, but the malware is particularly nasty.

The symptoms are as follows:
1. Links in Google searches are redirected to fake malware removal sites, but the cached option works fine.
2. Scanning with antivirus software works for a bit, but upon reaching some unknown file, the software will crash. After this, the main .exe of the program is corrupted and changed to a hidden system file that is unmovable, unrenameable, and undeletable (however, corrupted .exes can be deleted using Malwarebytes File Killer and KillBox on startup). However, the main program is unchanged, and so I make extra copies of the .exe files so I can run them. Scanning with HJT, Adaware, Spybot, Malwarebytes, and SUPER Antispyware (Normal and Safe) crashes. Sophos Anti-Rootkit BSODs in safe mode and crashes in normal. RootRepeal runs, but terminates during the file scan, which gives a short and unhelpful report.

Actions I have already taken:
Executables couldn't open, so I fixed file associations in the registry and cleaned it up in CCleaner. The system had fake antivirus programs, which were removed using Avenger. I Googled some of the symptoms; apparently someone also had a similar situation where antivirus software gets corrupted when scanning WINDOWS\$hg_fix$, so I nuked the whole folder using Avenger as well, but to no avail. Right now I have Spybot Resident running, which keeps some threats at bay.

So, :thumbsup:



#2 wbguide


Posted 03 September 2009 - 09:52 PM

Problem Fixed.

Looking through the forum, it seems that many users have the same problem - "Cannot run diagnostics" or "PC Antispyware 2010". In my case, ComboFix.exe, followed by multiple passes of Malwarebytes, Spybot, and Anti-Rootkit, swept away the problem completely except for some corrupted .exe files.



