I've been given a PC to clean following a "You have a virus, click here to get a virus" incident.
Unfortunately, the user has attempted to clean the problem themselves before handing the machine over. I've no idea what they've done to rectify it, but everything I've tried (based on the forum's Prep Guide here) has, so far, failed.
Using the numbering in the guide:
1. Full backup has been taken - unsure whether any infection has passed to the backup drive
2. The issue is malware - the PC isn't slow in any way, it just refuses to run any AV
3. Account created
4. Topic reply enabled
5. Vista firewall is active
6. DeFogger has been used to deactivate CD emulation
Here's where the issues arise.
7. DDS has been downloaded and run but nothing happens. The DOS window appears for a nanosecond and then vanishes. The only trace of it having run is that it appears to leave a process (SetPath.dat) running. I've left it for an hour and nothing has happened.
8. GMER has also been downloaded and run, but this causes the PC to blue screen as soon as the scan appears to near what I presume is the infected area.
9. I'm afraid I cannot attach any logs as per the details above.
HiJackThis, Malwarebytes, Avast, etc. all perform in a similar manner. I can run the installation program and the program, but the second I attempt to scan the file system/HDD of the machine, the GUI vanishes completely. The result is the same whether I'm in Safe Mode or not.
I await the expert opinion on what to do next.
Edit: the OS is 32-bit Windows Vista HP SP1
Edited by odetoavdub, 28 January 2011 - 11:46 AM.