Catch 22 with the 8-step virus removal

Status
Not open for further replies.

k.jacko

Ok,
I've been asked to clean up an HP Pavilion dv 1000 laptop, which seems to be inundated with nasties due to the owner letting the Nortons Internet Security trial expire without renewing it. He had no other protection on the laptop at all.

So, looking at the 8-step guide. I have copied onto a blank cd fresh downloads of:
Avira, Avast, CCleaner and MalwareBytes.
Installed Avira and ran it, but without a connection to the net I cannot update the latest definitions, same goes for avast (both keep prompting me to update). They both find loads of stuff, but require updating.
One of the symptoms is that it just won't connect to the net, and I daren't put it on my network for fear of infections spreading.
I'm trying to install a 3g usb modem, but it seems to hang after so long on the installation.
It's also hanging at the 'Finishing Installation' stage of Malware Bytes, something that has been reported by other users in other threads.
All the above has/is being done in safe mode with ALL non-Microsoft services disabled. Could this be a problem?

Please help, if you can....

Many thanks :)


Update

Ok, malwarebytes eventually DID finish installation.
However the pc hangs when trying to uninstall Nortons Internet Security.
I know there is a removal tool for their products but 'Internet Security' isn't listed and I cannot find which version it is.

update 2:
ok, still can't get anything to update or even work properly.
I have found though that when trying to connect to the net, the local lan adaptor keeps adopting a DNS of 85.255.112.223, regardless of whether I have it assigned automatically and release/renew the ip, or input mine manually.

Hopefully someone must have a clue.
 
About Avast and Avira: the suggestion is that if you do NOT have an antivirus program running, to install EITHER Avast or Avira, not both. And I am seeing suggestions to remove whatever current AV you do have in favor of either Avast or Avira. My opinion on this is: IF there is a functioning AV program that has been updating currently, leave it alone for now. While the latter two may be more highly recommended, it's just one more program to have to deal with.

As for updating- one symptom of malware is that it will not let you update- it's called survival! Why let the system get an update that might wipe it out?! Clever, huh?!

DNS of 85.255.112.223 is a result of the malware DNS Changer. Please refer to this immediately:
DNSChanger Trojan

You'll recognize this Trojan by checking the DNS server assignments on the computer that does not update. Do this by following these steps:
1) In Windows Vista, click on the Windows orb
2) Click in the Search box and type CMD and press Enter
3) At the command prompt, type IPCONFIG /ALL and press Enter
4) You should be presented with a bunch of information; find the section for your Internet connection. It may be entitled Ethernet Adapter Local Area Connection or something similar.
5) Find the DNS Server section and double-check the numbers. Usually the DNS is a local IP like 192.168.0.1 or it could be a statically assigned IP from your ISP. If the DNS numbers are remotely similar to the following IPs then you have the DNS Changer Trojan. These IPs originate in Europe.
85.255.113.122
85.255.112.83
85.255.116.148
85.255.112.223
6) Type Exit at the command prompt to close it
http://www.pchell.com/support/vista_update_error_80244019.shtml

Now do the 8 Steps for Virus and Malware Removal HERE.

Attach the three logs for review when finished.
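
An added example, not part of the original post: the check in steps 3 to 5 run over saved `ipconfig /all` output instead of by eye. It assumes English-language output and IPv4 resolvers, and it reads "remotely similar" as "inside the smallest CIDR block that covers the four listed addresses", which is an assumption; the function names and the sample output are constructed.

```python
import ipaddress, re

# The four resolver addresses listed in the post above.
LISTED = [ipaddress.ip_address(a) for a in (
    "85.255.113.122", "85.255.112.83", "85.255.116.148", "85.255.112.223")]

def covering_network(addrs):
    # Assumption: "similar" = inside the smallest CIDR block holding all listed IPs.
    net = ipaddress.ip_network(f"{addrs[0]}/32")
    while not all(a in net for a in addrs):
        net = net.supernet()
    return net

SIMILAR = covering_network(LISTED)
ADAPTER = re.compile(r"^(\S.*adapter .*):\s*$", re.I)
DNS = re.compile(r"^\s+(DNS Servers[ .]*:\s*)?(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def dns_by_adapter(text):
    # Map each adapter heading of `ipconfig /all` output to its IPv4 DNS servers.
    found, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        head = ADAPTER.match(line)
        if head:
            adapter, in_dns = head.group(1), False
            found[adapter] = []
            continue
        m = DNS.match(line)  # second and later servers sit alone on the next lines
        in_dns = bool(adapter and m and (m.group(1) or in_dns))
        if in_dns:
            found[adapter].append(m.group(2))
    return found

def audit(text):
    # (adapter, server, verdict) for each server that is listed or merely similar.
    return [(a, s, "listed" if ipaddress.ip_address(s) in LISTED else "similar")
            for a, servers in dns_by_adapter(text).items() for s in servers
            if ipaddress.ip_address(s) in SIMILAR]

# Constructed sample output, not taken from the laptop in the thread.
SAMPLE = """Ethernet adapter Local Area Connection:

        DNS Servers . . . . . . . . . . . : 85.255.112.223
                                            85.255.114.10
        Lease Obtained. . . . . . . . . . : (constructed)

Ethernet adapter Wireless Network Connection:

        DNS Servers . . . . . . . . . . . : 192.168.0.1
"""
```

Save the real output with `ipconfig /all > ipconfig.txt` on the suspect machine and pass the file's text to `audit()` on a clean one; an empty list means no adapter points at a listed or similar resolver.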
 
Bobbye:
yep, know all about ip configs (remember the other thread where we both needed coffee, lol?)

Thing is I can't fully uninstall anything, so Nortons is stuck.
What I've managed to do is copy off the user's data onto external storage. I'll then fully scan and hopefully eradicate any nasties by connecting the storage to a standalone pc with loads of anti-virus/malware/spyware stuff on.
I'll then do a destructive recovery on the laptop and copy the cleaned up data back on.
It really will be the simplest and quickest option as this lappy is all but bricked!

Thanks for the input.
 
Well hopefully the recovery partition isn't infected so that will reload all drivers for me.
I still have the issue of getting the .pst mail files off as it just freezes every time I get near to doing something like that. :(
 
Thanks guys,

Kimsland; the main user account is using windows live mail on xp sp2.
So will try your suggestion but may not work.

CCT; thanks dude, downloading it now.
:)
 
guys, just a thought.
You reckon it's worth taking the hdd out of the laptop, putting it into an external caddy, attaching it to a standalone pc (which is loaded up with Avira, Avast, Malwarebytes and CCleaner) and having it scan the external for viruses/spyware etc?
Would it be able to find as much by scanning it this way?

Basically I'm concerned that I need to get the user's mailbox off the lappy, but it's constantly freezing on me, so I just can't get near it to try.


edit:
managed to download virus database updates for avira, avast and malwarebytes AND update them on the infected lappy.
Avast is currently running a bootscan and has found loads of stuff. Amongst them Antivirus pro 2009 which only an hour ago I was reading about on another forum how it is a rogue app which infects the pc.
I'm gonna see how all this pans out, but I might still reformat anyway.
 
update:

ok, all the nasties seem to have gone now. I did a full scan using avira, avast, superantispyware and malware bytes and it cleaned out loads of stuff. I can now access the internet, and update all relevant progs.
I also installed O&O defragger and sorted out the hdd which was fairly sluggish at 25% (although I've seen worse) defragmentation.
All seems good now.

Thanks for your help guys, muchos gracias! :)
 