Posted 23 September 2009 - 05:54 AM
Hi! I'm new here and it looks like there are some very knowledgeable people here. I know this isn't the introduction thread, though. I volunteered to take a look at a co-worker's laptop when he said he was having a little trouble with it. I guess I didn't know what I was getting myself into. Willing to try whatever it takes to work with you guys, but a lot of features/menus on the infected PC are locked out or not available (Internet Explorer, System Restore tab, can't access folder options, etc.). Since IExplorer is not working on the infected machine I have been copying files to a removable drive between a clean PC and the infected one, scanning in between. Here is where I stand....
Went through the steps mentioned on this and also on other forums.
Got DDS on the infected machine and it opened but quickly closed itself out.
RootRepeal runs, but after it initializes I get "Error - invalid PE image found!". Ignoring the error and proceeding to scan on the first attempt led to a black screen/system lock-up. The second time the scan started and then the application closed by itself. Now when I try to run it I get "Windows Cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item", which is the same message I now get for IExplorer and a few other programs.
ComboFix starts but encounters the "rootkit detected" and requests a machine reboot that just ends with the same prompt each time.
So far I haven't been able to pull any log files.
What next? Thanks.