
IT Guy and once proud Malware fighter...



All,

I'm an IT professional of 18+ years, so I've been doing this for a while now. I have a user machine that appeared to have been infected with the virus that claims your hard drive is about to fail, and also hides all your files and Start Menu items. I ran Unhide.exe, and after that ran Malwarebytes, which removed 4 infections. I then attempted to run TDSSKiller but it refuses to run (yes, I changed the name to random.com, and it still will not run). Combofix also refuses to run. I decided to use a Hiren's CD and attempt to do some cleanup that way using Avira. It found several Java exploits as well as a few trojans, but when I rebooted it still will not run Combofix (Combofix stalls and locks up; Ctrl+Alt+Del won't work), so my only option is to hard boot the machine. I've fought with this for a couple of days now, but I'm at the point of exhaustion and need some assistance. Also, if it helps pinpoint anything, there are browser redirects and I've been hearing what appear to be random broadcasts coming from the speakers. I uninstalled Symantec bloatware and installed NOD32 5.0, praying it might help. NOD picked up a Win32/Olmasco.O trojan running in system memory but cannot clean it. I'm at my wits' end. Usually I would just re-image, but this machine has software running in a production environment that I'm not sure I could even get my hands on again.

If there's a log you need just direct me to it and I'll supply it to you.

Thanks in advance!

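The post above describes the scareware setting the Hidden attribute on the user's files and Start Menu shortcuts, then running Unhide.exe to bring them back. The script below is an added example written for this thread, not Unhide.exe and not code posted by anyone in it. It assumes PowerShell 2.0 or later is installed (Windows XP does not ship it), and the default roots and the skip list are assumed values to be adjusted for the machine. It clears Hidden (and System, which the infection often stacks on top so that "show hidden files" still does nothing) from files under the profile roots, leaves the folders Windows keeps hidden on purpose alone, supports a dry run, and writes a log of what it changed.

```powershell
# Added example, not Unhide.exe: clear the Hidden/System attributes the
# scareware set on ordinary files and Start Menu shortcuts.
# Assumptions: PowerShell 2.0+ is present; $Roots defaults and $skipPattern
# are guesses at sensible values for an XP-era profile, adjust as needed.
param(
    [string[]]$Roots = @("$env:USERPROFILE", "$env:ALLUSERSPROFILE"),
    [switch]$WhatIf
)

# Profile folders and files that Windows hides on purpose; leave them hidden.
# (Assumed list: XP special folders plus Vista+ AppData and ntuser.* files.)
$skipPattern = '\\(Application Data|Local Settings|AppData|Cookies|Recent|SendTo|Templates|PrintHood|NetHood|ntuser\.[^\\]*)(\\|$)'

$hiddenBit = [int][IO.FileAttributes]::Hidden
$systemBit = [int][IO.FileAttributes]::System
$changed   = New-Object System.Collections.Generic.List[string]

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    # -Force is required, otherwise Get-ChildItem skips hidden items entirely.
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item = $_
            if ($item.FullName -match $skipPattern) { return }
            $attrs = [int]$item.Attributes
            # Only touch items that are actually hidden.
            if (($attrs -band $hiddenBit) -eq 0) { return }
            # Drop Hidden and System; everything else (ReadOnly, Archive...) stays.
            $new = $attrs -band (-bnot ($hiddenBit -bor $systemBit))
            if ($new -eq 0) { $new = [int][IO.FileAttributes]::Normal }
            if ($WhatIf) {
                Write-Host "Would unhide: $($item.FullName)"
                return
            }
            try {
                $item.Attributes = [IO.FileAttributes]$new
                $changed.Add($item.FullName)
            } catch {
                Write-Warning "Could not change $($item.FullName): $_"
            }
        }
}

Write-Host ("Unhid {0} items" -f $changed.Count)
$changed | Out-File -FilePath (Join-Path $env:USERPROFILE 'Desktop\unhide-log.txt') -Encoding ASCII
```

Run it with -WhatIf first to review the list, then without. On a box with no PowerShell, the cmd.exe equivalent is `attrib -h -s "%USERPROFILE%\*" /s /d`, with the caveat that attrib has no skip list and will also unhide the profile folders Windows expects to stay hidden.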

Have you tried running Combofix in Safe Mode?

If that worked, restart and run it in Normal Mode after that.

Several times, with the same dreaded results. Did I post this in the wrong forum? I've just never seen anything that was so adept at preventing my most used malware tools from actually working. MBAM scans clean every time now, so I've got to find something else to be able to run in order to get this cleaned. Thanks for the prompt response!


I moved your topic here.

Can you get DDS to run?

Please download DDS by sUBs from one of the following links and save it to your desktop.

  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click the DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.

---------------------------------------------------

  • Post the contents of the DDS.txt in your next reply


If MBAM runs I can't understand why DDS won't.

Delete the combofix.exe you have on the desktop now and try this:

Download Combofix from any of the links below but rename it to Iexplorer.com before saving it to your desktop.

* IMPORTANT !!! Save Iexplorer.com to your Desktop

Link 1

Link 2<--Right Click and use Save As if using this link.

Double click on Iexplorer.com (ComboFix.exe) and follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.


There are some very nasty infections we've been seeing and sometimes the only option can be a Repair Install or full format.

These are fairly recent, aren't they? I've cleaned hundreds of infections in my day, and I've never seen one fight back this hard. I even considered slaving the hard drive and scanning, but then I question if it will detect the infections if they're not loading into the OS at boot.

And I'm afraid that may be my next option. I sure hope not. It corrupted all the system restore points, so there's no rolling back to a less damaged state either. :angry:


That is correct.

Yes, these are new infections. Most are backdoors that, when you try to clean them, often kill the ability to connect to the internet.

Here is my second thought. I'm sure the freezing up while trying to scan is most likely a combination of 2 things: 1, the infection itself; 2, this machine is a steaming pile of poo. What if I stripped the drivers, and booted this OS in a more powerful machine and tried to scan it that way? If it doesn't blue screen and allows me to get to safe mode, it might work. Your thoughts?


OK. Lets give it some time.

Do you have the Windows OS CD that you could do a Repair Install in order to save the data?

I'm sure I have a few XP CDs lying around here somewhere. I'm almost ashamed to admit it, but having come from a large corp environment where we just backed up data and re-imaged in cases like this, I've never done a repair install. Would that be quicker?

I do the same thing every day working for a school district where you have images for the equipment.

A repair install is pretty painless. I'll give you a link on how it's done so you can read it.

However if combofix runs we'll go that route.

I think the repair install replaces your My Documents folder so that's something to think about first.

http://www.geekstogo.com/forum/topic/138-how-to-repair-windows-xp/


Thanks, I'll give Combofix a bit longer, but my hope is fading. Worst part is, all these machines they've purchased over the years have been consumer-grade crap, so instead of giving an OS CD, you get some sort of manufacturer restore disk. I'm so glad I've been given the green light to fix that and go with a business-class standard of machines.


I know what you're saying.

Not getting the Windows OEM CD, your only option is using the CD that comes with it to restore the PC back to the first time you used it.

That's not too bad IF you keep current backups, but who really does that?

When we purchase PCs at work, the first thing we do is reformat and install the corporate Windows OEM.

I do the same thing for my personal PCs when first purchased.


No worries, I have all flavors of OEM CDs that will usually work. Will this delete the profiles, or keep them intact?

This topic is now closed to further replies.