Can't install, update or restore


Hi All,

I am hoping someone can help.... I am trying to remotely fix a friend's machine (XP Home). He got caught when he went to the CBS Sportsline site last week. We are unable to do a system restore, in normal or safe mode. Nor are we able to install, run or update MBAM, Spybot, Adaware or HijackThis in normal or safe mode. We are unable to get into safe mode with networking. Other symptoms were redirection of the browser (IE7 and FF3.0).

I found the following files and deleted them: runhh6110411.exe, learn32.dll, rehh, vigrs, Ina, comm3, fsh1 and mscscc.dll. They were all in various directories, as described in other posts. I found an offending file in the Startup and unchecked it via msconfig. Sorry I cannot recall the name, and failed to take notes at that point.

He is no longer being redirected when using IE, but cannot reach any of the leading antivirus or antispam sites. I can remotely drop exe files there, and have tried renaming and installing. I was able to install MBAM in safe mode, but cannot run it at all in either safe or normal. I cannot install HijackThis in either mode. We cannot update the McAfee installed A/V. Nor can we do a Windows update or System restore.

There is still one application I see in the Add Remove Programs section; it says something like Anti Spyware, but trying to uninstall takes us to a rogue website only. I am at an impasse as I am not physically in front of the computer. Can you think of anything I can try, or talk him through via remote (gotomypc) and phone? I guess a bootable CD (Linux or Win) with appropriate software installed should be able to scan and clean. Am I missing something? Please let me know if there is additional info that I can provide that would be helpful. Thanks!

Ken


Greetings kc949 and welcome to Malwarebytes'. It appears by the behaviors you have described that your friend may have caught a nasty rootkit that's been going around. Please have your friend follow the instructions in this post by AdvancedSetup: http://www.malwarebytes.org/forums/index.p...amp;#entry35969 If that doesn't get it to work, then try going to the program folder for Malwarebytes' Anti-Malware (under C:\Program Files) and rename mbam.exe to see if that will allow it to run. If possible, it would also be a good idea to have your friend post in our HijackThis forum; simply have your friend read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs in a new topic here: http://www.malwarebytes.org/forums/index.php?showforum=7

Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you, as doing so can make their job much more difficult. I hope I was helpful. Good luck and safe surfing.


exile360 - Thanks for the tremendous help! The first link/recommendation did the trick. I had the remote computer up, patched and running clean right away. I am very interested in this site, and the MBAM product, as it is very new to me. I will continue to read up on things here, as it looks like a great resource. I look forward to recommending this site and software to others. I really appreciate your help and expertise here. Have a great day! - Ken
