TechSpot

[Closed] Cannot run anti-virus programs

By mgarcia512
Nov 16, 2010
  1. Hello,

    I was asked to help get rid of a rogue security software program on a friend's computer. It had Malwarebytes installed, but the program console would not come up to do a scan. I could see the program loaded, but nothing would work. I then tried installing SUPERAntiSpyware, but that would not work either. After uninstalling Malwarebytes and reinstalling, it would not load. I tried in normal mode, safe mode for the user and administrator safe mode, but the programs still would not run. I was able to find the file causing the rogue program to start and deleted it from the temp folder. Since then it hasn't come up, so that's gone.

    I do know the computer is still infected though, because something is redirecting the search result links in Google and MSN. Since I could not run Malwarebytes, I attached a HijackThis log along with the GMER and DDS logs. Thank you for the help! Btw, this is on a Windows XP computer.
     


  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You asked for help for the same problem about a month ago here: http://www.techspot.com/vb/topic154715.html

    You got some help, but the thread was closed for inactivity when you didn't return. Do you plan to follow through if you get help now?
     
  3. mgarcia512

    mgarcia512 TS Rookie Topic Starter

    Yes, I do. With the previous thread, I no longer had access to the PC and should have asked for the thread to be closed. I will be able to follow up on this one.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    EDIT: Run this first please and paste the log into a reply. Allow me to check it before you go on. It looks like a Ramnit malware infection which most of us consider incurable.

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the ActiveX control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
    =================================================================
    Do not go on with TDSSKiller and Combofix until I've checked the virus online scan log. I will instruct you whether to proceed.
    ==================================================================
    Thank you. You have a Rootkit. Please run the following:
    • Download the file TDSSKiller.zip and extract it (use an archiver, for example, WinZip) into a folder on the infected (or potentially infected) PC.
    • Double click TDSSKiller.exe to start the scan.
    • Wait for the scan and disinfection process to be over.
      [o] The utility outputs a list of detected objects with description.
      [o] The utility automatically selects an action (Cure or Delete) for malicious objects.
      [o] The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
    • The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result.
    It is necessary to reboot the PC after the disinfection is over.
    ============================================
    After you have run the TDSSKiller, please see if Combofix will run for you:

    Please download ComboFix from Here and save to your Desktop.

    [1]. Do NOT rename Combofix unless instructed.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
    NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
    Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.
    =============================================
    By the way, we require all logs to be pasted into the replies. You do not have to redo these logs, but please paste all others unless told otherwise.
    ============================================
    After these scans I will have you run a program that will remove all 7 outdated versions of Java, then update to the current. You missed this. The old versions are a vulnerability to the system.
    You will also need to update your v6 of the Adobe Acrobat - to the current v9.xx, another vulnerability.
    And you can remove the HijackThis because it's outdated also.
    ======================================
    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
Topic Status:
Not open for further replies.
