Posted 19 April 2010 - 03:15 PM
My in-laws, who seem to be click-happy and hell-bent on destroying their computer, called me for remote help yesterday. They have gotten something that has its hooks buried DEEP into their system and I am at a loss as to how to help them further short of them mailing me the damn hard drive. I don't have any of the scans handy so I apologize but I can tell you what we've run and done so far. This is a Windows XP machine.
Computer will not execute anything in regular mode so all of these had to be run in SAFEMODE....
1. Ran Malwarebytes, removed what it found.
2. Ran SuperAntiSpyware and removed what it found.
3. Ran Combofix (one I have been using for years so I am familiar with running it). It found files for the ALOT toolbar and removed those.
After running these, computer still will not execute anything in regular mode. When we tried to open Control Panel with a left click it will not open; we had to open it by right clicking. When we tried to run Combofix in regular mode, it asks what program you would like to use to execute it. Same thing when we tried to run Teamviewer for me to remote in to their computer in regular mode.
Back in Safemode we ran unhackme. It found some suspicious items as far as malware which all ended up being false positives and it says it found no trojans at all. Ran Hijackthis and there were about 50 items in the HOSTS file section which were all removed. There were a couple of BHOs which were suspicious so I removed those as well. After that I replaced the hosts file with a clean version.
STILL unable to execute anything in regular mode --> back to safemode. Ran DrWeb --> TROJANS FOUND and we removed them. STILL unable to execute anything in regular mode... I can't run GMER because I am using remote access and Combofix, the big daddy of this process, can't be launched in regular mode. Does anyone have any other suggestions to offer up here? They are preparing to mail me their hard drive!
DJ Digital Gem
I gave up on computers and now I just DJ!