
All attempts at fixing virus will not work


3 replies to this topic

#1 flexorz

Posted 04 July 2011 - 05:44 PM

I would say I'm a pretty computer savvy person working in IT and all, but I am at a loss for what to do next. I am trying to remotely fix my sister's computer, but each and every attempt at finding or removing the virus, rootkit, or whatever it may be is being stymied in one way or another. The computer is running Windows XP SP2 32-bit - so first, I tried updating to XP SP3, but received an error message while trying to do so. Next I tried the following:

  • Spybot S&D - installs, but a "permission denied" error message appears when trying to run the program
  • Rootkit Revealer - I can get it to run, but it disappears without warning after scanning for a minute or so
  • Malwarebytes Anti-Malware - Same as rootkit revealer, starts to scan but then disappears without warning
  • Avira anti-virus - installs, but I receive an error message when trying to run
  • ComboFix - During the install, an error message comes up warning me that the install package may have been altered and warns about the Virut virus possibly being on my system. I downloaded a standalone Virut virus scanner but came up empty.

As you can see, I'm becoming frustrated since every tool that I've tried seems to be interfered with.

Something interesting that I noticed is that while Rootkit Revealer was running, but before it shut down, I saw some registry entries referring to "swearwear" - which appears to be something along the lines of a rootkit, but I wasn't able to find any concrete information about removing it, so I thought I would come to the experts. Thank you much for any help that you can provide.

#2 Broni


Posted 04 July 2011 - 06:15 PM

Welcome aboard

> I saw some registry entries referring to "swearwear"

That would come from some free tools like Combofix.

> warns about the Virut virus possibly being on my system

Virut is not curable, but Combofix is not always correct about that threat.

Did you try to restart in Safe Mode to see if the computer behaves better there?


#3 flexorz


Posted 04 July 2011 - 06:44 PM

Aye, there's the rub... Since I'm connecting to the computer remotely, Safe Mode doesn't seem to be a simple option (I suppose I could have them boot into Safe Mode w/ Networking and then try to launch the remote control app? FYI, I'm using LogMeIn.com). I can certainly give it a try if there are no other options.

#4 Broni


Posted 04 July 2011 - 07:02 PM

If they're behind a router, Safe Mode with Networking should be fine.
