
All AV or Malware removal apps are instantly killed.


3 replies to this topic

#1 KKjustFlossin


Posted 07 September 2009 - 05:05 PM

I have been trying to clean a client's PC for 5 days straight. I can't run any AV or malware program because whatever it is detects it and instantly closes it, even in Safe Mode. Furthermore, if I try to reopen a program it closed, I receive a message that says:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I removed the drive and placed it in another PC and ran Kaspersky Internet Security 10 on it, and it detected and cleaned 285 files that were infected with virus.win32.virut.ce. I placed the drive back in the original computer and tried to run a scan, and the same thing happened to all attempts to clean it. I then booted the PC with both Ultimate Boot Disk and Hiren's BootCD and ran virus scanners to clean the system. After all that, I rebooted to Safe Mode and attempted to run a scan, and the same thing keeps happening. I again placed the drive in another PC and ran a scan with Kaspersky and it found 43 more infected files, but these were infected with an assortment of viruses such as Trojan.Win32.Agent2.chxn, Trojan-Downloader.WMA.GetCodec.ae, Backdoor.Win32.Agent.akli, Trojan.Win32.Monder.bzea, Trojan-Downloader.Win32.Agent.bqxc, Trojan.Win32.Agent2.chuf, Trojan-Downloader.Win32.Agent.cosh, Trojan-Downloader.Win32.Delf.vma, and Trojan-Downloader.Win32.Generic.

I don't want to waste anyone's time (or mine) so I will list all the programs I tried:

Adaware Anniversary Edition, AVG, Avast Home Edition, AVZ, X-RayPC, Gmer (I even tried the one you download with a randomly generated filename), FixVundo, Malwarebytes Anti Malware, OTL, RemoveIt, rmvirut.exe, rougefix, RootRepeal, Sophos Anti Rootkit, Spybot Search & Destroy, Stinger, Sysclean, VirtumundoBeGone, Xclean_micro, and MultiAV.

I had a little success with MultiAV. I downloaded it to my good PC and downloaded all the updates for all 4 AV programs, which are Sophos, McAfee, Trend Micro, and Kaspersky. I booted up in Safe Mode and the virus allowed me to scan with ALL 4 programs and delete what they found. However, I still couldn't run any other program.

Any assistance will be greatly appreciated. I've been repairing/cleaning computers for about 10 years and have NEVER run into malware this evil....lol.


#2 garmanma


Posted 08 September 2009 - 08:17 PM

See if you can get this to produce a log


1. Download Win32kDiag from any of the following locations and save it to your Desktop

http://ad13.geekstogo.com/Win32kDiag.exe

http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe

2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 KKjustFlossin


Posted 08 September 2009 - 08:41 PM

Thanks for the quick response. However, due to my lack of patience, LOL, I applied a partial fix that was given to someone else with the exact same symptoms (I know I wuzn't supposed to....). It involved copying eventlog.dll to the root of the C: drive and using Avenger on it. I followed this with ComboFix and it cleaned enough for me to run my other malware removers without them shutting down after 5 seconds. I ran a scan with Malwarebytes and it only found 15 bad files.

I would still like your assistance in totally cleaning the system, though. I know some things can lurk in the shadows and respawn when the coast is clear. I just wondered if you still wanted a log from Win32kDiag, or would you prefer it from HJT or OTL, since I can run any program now without interference?

Thanks, and sorry for not waiting...

#4 garmanma


Posted 09 September 2009 - 05:49 PM

Those logs can only be posted in the HJT forum, not here.
There's a pretty good wait since it's been so busy.
Mark