I have been working on a friend's system which started with a Google redirect and began hiding some of his files. There were no signs of a Rogue AV or anything like that. I thought, "this will be a breeze".

I first ran rkill to kill any processes currently running. rkill seemed to hang for 30 minutes or more and did not finish. I then decided to run a full scan with Malwarebytes which yielded a couple of entries, but nothing relative to a virus. I rebooted and the redirection continued.

I then proceeded to run a gamut of other programs to try and remove the redirection, including ComboFix. Hitman Pro 3.5 came up with an MBR virus which it needed to remove on reboot. Upon reboot I was presented with a lovely blue screen with the following code 0x0000007B and no file specified. I also updated and ran Kaspersky Rescue Disk 10 on USB, which came up with nothing. I am at a loss to say the least. Typically the combination of these programs will yield a clean system. Unfortunately not today. At the moment I am unable to boot into Windows 7 under normal or safe mode. I ran Kaspersky a second time and still came up with nothing.

As you can tell I am in a bit of a pinch. This forum has always been an incredible resource for me and I would greatly appreciate any and all help you can provide.

Thanks in advance,

Dustin

Sorry, I am unable to attach logs.


Hello morandaminds and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.

It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

There is a good chance that your computer being unbootable is a result of improper ComboFix usage.

With that said, please do the following:

-------------

Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore.

  • Download the Avira AntiVir Rescue System from here.
  • Just double-click on the rescue system package to burn it to a CD/DVD.
  • Then please use that CD/DVD with Avira Rescue System to boot your computer.

At the boot option, please press the number 1 on your keyboard to select 1 Boot AntiVir Rescue System (default) and press Enter, or just wait.

You will then see the graphical interface of Rescue CD loading modules and mounting devices. The default language is German, but you can change it to English anytime by clicking on the English flag on the lower-left side of the screen.

Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed?.

Then please go back to Virus scanner and click Start scanneren.

The Avira AntiVir Rescue System will now:

  • repair a damaged system,
  • rescue data,
  • scan the system for virus infections.

Let me know if you can boot after running the Avira Rescue CD.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
