
Infected



#1 techctr


Posted 20 August 2010 - 12:15 PM

Hi, a customer brought in his teenager's machine. On first glance I knew it was going to be a machine that was infested rather nastily. FrostWire account, rogue antivirus, proxy server, usual tricks I thought. I did my usual dump of the temp files, cleaned out old registries, and ran Malwarebytes, which returned quite a few trojans, rogues, and the like. I then ran Hitman Pro 3.5 and it came back with malware and rootkits in the Windows subfolder.

Every time I would restart the computer it would act like it was reinfected. Being as invasive as it was, I ran ComboFix, which ended up telling me both c:\windows\system32\winlogon.exe is infected!! and c:\windows\explorer.exe is infected!!


My question is this: is a fresh reload my only option here, or is there some way to fix this that isn't just wiping the system and starting over? I'd like to save some info, but not at the risk of reinfection.

Any suggestions?

Thanks!

Edited by techctr, 20 August 2010 - 01:28 PM.




#2 Orange Blossom


Posted 21 August 2010 - 10:17 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Since you have run ComboFix, please include the ComboFix log in the new topic. Please be sure to include a description of your computer issues and what you have done to try to resolve them.


If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.

Orange Blossom