
Extreme infection


2 replies to this topic

#1 azfreetech

azfreetech

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:08:47 AM

Posted 19 April 2010 - 03:15 PM

My in-laws, who seem click-happy and hell-bent on destroying their computer, called me for remote help yesterday. They have gotten something that has its hooks buried DEEP into their system and I am at a loss as to how to help them further short of them mailing me the damn hard drive. I don't have any of the scans handy so I apologize, but I can tell you what we've run and done so far. This is a Windows XP machine.

Computer will not execute anything in regular mode, so all of these had to be run in Safe Mode....

1. Ran Malwarebytes, removed what it found.
2. Ran SuperAntiSpyware and removed what it found.
3. Ran Combofix (one I have been using for years so I am familiar with running it). It found files for the ALOT toolbar and removed those.

After running these, the computer still will not execute anything in regular mode. When we tried to open Control Panel with a left click it will not open; we had to open it by right-clicking. When we tried to run ComboFix in regular mode, it asks what program you would like to use to execute it. Same thing when we tried to run TeamViewer for me to remote in to their computer in regular mode.

Back in Safe Mode we ran UnHackMe. It found some suspicious items as far as malware, which all ended up being false positives, and it says it found no trojans at all. Ran HijackThis and there were about 50 items in the HOSTS file section, which were all removed. There were a couple of BHOs which were suspicious, so I removed those as well. After that I replaced the HOSTS file with a clean version.

STILL unable to execute anything in regular mode --> back to Safe Mode. Ran DrWeb --> TROJANS FOUND and we removed them. STILL unable to execute anything in regular mode....... I can't run GMER because I am using remote access, and ComboFix, the big daddy of this process, can't be launched in regular mode. Does anyone have any other suggestions to offer up here? They are preparing to mail me their hard drive!
DJ Digital Gem

I gave up on computers and now I just DJ!
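The symptom in the post above (every .exe in normal mode prompts "what program would you like to use to open this file?", while Safe Mode works) is exactly what Windows shows when the .exe file association has been broken or hijacked, which is a common trick of the rogue-antivirus families of that era. The following batch script is an added example, not something posted in this thread or part of any of the tools named in it; it only reads the relevant registry keys and the HOSTS file so you can compare them against the known-good Windows XP defaults noted in the comments. It assumes a default XP install (C:\WINDOWS) and an Administrator account in Safe Mode with Command Prompt; the restore command at the end is left commented out so nothing is changed until you have looked at the output.

```batch
@echo off
rem Added triage script (not from the thread): check the places a "can't run any
rem .exe in normal mode" infection usually touches on Windows XP.
rem Run as Administrator, ideally from Safe Mode with Command Prompt.
rem
rem Known-good XP defaults to compare against:
rem   HKCR\.exe                          (Default) = exefile
rem   HKCR\exefile\shell\open\command    (Default) = "%1" %*
rem   Winlogon\Shell                                = Explorer.exe
rem   Winlogon\Userinit                             = C:\WINDOWS\system32\userinit.exe,
rem   No "Debugger" values under Image File Execution Options

echo === .exe association (machine-wide) ===
reg query "HKCR\.exe" /ve
reg query "HKCR\exefile\shell\open\command" /ve

echo === .exe association (per-user override, checked first by Windows) ===
rem These keys normally do not exist; if they do, they shadow the HKCR values.
reg query "HKCU\Software\Classes\.exe" /ve 2>nul
reg query "HKCU\Software\Classes\exefile\shell\open\command" /ve 2>nul

echo === Winlogon Shell and Userinit ===
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit

echo === Image File Execution Options "Debugger" hijacks ===
rem A Debugger value under an image name makes Windows launch that path instead
rem of the real program; malware uses it to block scanners by name.
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s | find /i "Debugger"

echo === HOSTS entries that are not comments ===
rem A clean XP HOSTS file has only the "127.0.0.1 localhost" line.
type "%SystemRoot%\system32\drivers\etc\hosts" | find /v "#"

rem --- Restore the default .exe association (uncomment after reviewing the output) ---
rem In a .bat file %%1 and %%* are needed to write a literal "%1" %* into the registry.
rem reg add "HKCR\.exe" /ve /d "exefile" /f
rem reg add "HKCR\exefile\shell\open\command" /ve /d "\"%%1\" %%*" /f
rem reg delete "HKCU\Software\Classes\.exe" /f
rem reg delete "HKCU\Software\Classes\exefile" /f
```

Save it as check.bat and run it from a Command Prompt; if cmd.exe itself has been hijacked, open the prompt from Task Manager (File, New Task) or rename the file to check.cmd, since a .exe association hijack does not normally affect .cmd files. Restoring the association gets the machine back to a state where the real scanners and a remote-control client can be launched in normal mode, but it does not remove whatever changed it, so the DDS log the responder asks for below is still needed.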


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:47 AM

Posted 19 April 2010 - 03:46 PM

Hello, your ComboFix is outdated if you have been using the same one for years.

Without logs it's hard to say where to go next other than posting a DDS log.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run, skip it and move on.
Let me know if that went well.

#3 azfreetech

azfreetech
  • Topic Starter

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:08:47 AM

Posted 19 April 2010 - 04:18 PM

Sorry, I guess I wasn't clear enough. The version of ComboFix that was used is current. I have personally been using ComboFix for years, so I know what I am doing when running it. It is impossible for me to run GMER as I am remote accessing their computer. They are in Missouri and I am in Arizona. GMER is designed to run on a computer that is not connected to the internet, and you're not even supposed to move the mouse.....

When I get home tonight (I am at work right now) I will see if I can remote access in to their computer again. Will running DDS in Safe Mode give us an accurate view of what is also starting up and running in regular mode? We can't execute any programs in regular mode, at all.
