
Total PC Defender and More - XP


2 replies to this topic

#1 SkilTech

SkilTech

  • Members
  • 2 posts

Posted 05 March 2010 - 07:38 AM

As the "computer guy" in the neighborhood, I've been asked by a friend to help disinfect his 2004 Dell Inspiron 5100 (about six years old) which runs Windows XP. I don't have all the details I'd have if the machine was mine, but there are a few items that might be worth noting:

1 - He definitely has the Total PC Defender thing running, and it does its best to prevent Internet Explorer from launching, so downloading software to the machine is a problem. I've been using a flash drive to transfer files to it from another machine (although none of the anti-malware stuff I've run - Malwarebytes, SUPERAntiSpyware, Spybot - S&D - has touched it). I'm positive that there's more malware on the system, but that's the most obvious right now.

2 - He had a very old, no-longer-supported version of McAfee installed, but I'm not even sure if it was still getting updated definitions. I tried to replace it with something more modern, but it wouldn't un-install. I hacked at it to prevent it from running, and that seems to be when the Total PC Defender reared its head. It had to have been on the machine prior because there was no online activity after stopping it.

3 - Tried running some things in Safe Mode with Networking, but for some reason couldn't connect wirelessly to do any downloads.

4 - I disabled nearly everything in Startup (not sure how I was lucky enough to run msconfig because it wouldn't load previously) and that seems to have helped give me more access to the machine, but obviously the malicious software is still there.

5 - I do have a ComboFix log which I can upload at any time.

Thanks for any help you can provide!

Edited by Orange Blossom, 05 March 2010 - 08:27 AM.
Move to AII. ~ OB




#2 tinyfighters

tinyfighters

  • Members
  • 29 posts

Posted 05 March 2010 - 09:26 PM

Yes, the type of Trojan you have is really annoying, and it probably won't even let you get Malwarebytes' Anti-Malware.
You don't have to do this stuff.
  • Make sure you can go to the Microsoft website
  • Try in Safe Mode with Networking
  • If you can't, you have to wait until one of those Bleeping Computer guys gives you some stuff
  • If you can, then download Process Explorer
  • Save it to the desktop
  • Make sure you are in normal mode
  • Now look for suspicious processes in Process Explorer
  • Right-click the processes, then click Suspend
  • Now you can just wait for a Bleeping Computer guy to provide you with programs.

Edited by tinyfighters, 05 March 2010 - 09:28 PM.


#3 SkilTech

SkilTech
  • Topic Starter

  • Members
  • 2 posts

Posted 07 March 2010 - 12:36 AM

This is my first time using Bleeping Computer. Could anyone tell me how long I should expect to wait before receiving help?



