I've read many posts on here in the past and spend a lot of time cleaning up infected computers.
I've stumbled across one of those 'challenge problems' that is just not getting anywhere.
It all started when a client asked me to go and see one of their office PCs - a Dell unit a few years old. Boot up was fine and reasonable for the spec of the machine. When Windows was ready to go, I found multiple issues:
1) The taskbar had minimised to a thin grey line at the bottom of the screen. The usual method to stretch this out was not working. The Windows Key brought up the Start Menu as expected. I right-clicked on the bit I could see and the only way to make the bar appear was to open the Quick Launch toolbar
2) The usual Windows XP coloured taskbar and Start Menu had been replaced with the older Windows Classic style grey one
3) After selecting Copy on any file, the Right Click Paste option was greyed out on the right click; Control+V did not work either
4) Files cannot be dragged or dropped
5) Internet Explorer no longer opened
6) The installed Firefox browser no longer opened
7) The installed AOL 9 Software no longer opened
8) The installed AVG 8.5 appears to work fine, including update which confirms Internet Connection is active. No infections found on Scan
9) The installed Malwarebytes appears to work fine, including update as per AVG. No infections found on Scan
10) The network connections folder shows no network connections
11) There are no network connection icons on the taskbar near the clock
12) When any window is open, it does not show on the taskbar. Alt-Tab allows the change of open windows and is the only indication of what is open at the time.
The lady in the office said she had been away on holiday and come back to find the PC in this state. It is a small family business working from a home office with three machines. The owner of the company has a Russian partner who frequently uses the machines to access Russian websites and ICQ.
The machine was rebooted and loaded into Safe Mode. The system behaviour is the same as in Normal Mode.
As files cannot be copied onto the machine or downloaded from the Internet, the options are limited. A USB memory stick was plugged in and installed as usual without problems. The machine accessed the memory stick fine but files could not be copied from it.
To copy files it was back to basics - Start > Run > CMD - copy files from memory stick using XCopy.
Combofix was run and returned no unusual results. It managed to update itself but could not install the recovery console as it stated Microsoft.com was unreachable.
The machine failed to allow HiJackThis to run.
The client decided the most cost-effective course of action was to copy their files off the machine and reinstall the operating system. The hard disk was cleaned using the Windows XP DiskPart > Clean option before a fresh copy of XP Pro was installed. The files were copied back on afterwards and all seems well.
A few days later another one of the machines switched itself off during use and on reboot got stuck in the BSOD loop. Running the Safe Mode option also did the same. Using the XP original disk, the repair console was used and chkdsk used to check the file structure. Errors in the file structure were reported as fixed and the machine rebooted fine.
On reboot the machine showed exactly the same problems as the original Dell PC. Rather than reinstall this machine, it has been isolated to determine what is going on.
Since then another machine has also gone down, making that 3 to date.
Anyone any ideas? The reinstalled machine is behaving fine.
The machines all operate AVG 8.5, Malwarebytes, Spybot, and ZoneAlarm. The Dell unit is XP Pro, the second PC is XP Media Center Edition, and the third PC is XP Home.
Any help greatly appreciated.
Edited by cotesy, 02 November 2009 - 04:42 PM.