Spyware Guard 2008, can't run the 8-steps (EDIT: Now with Logs)
Hello, I'm a minor IT Tech in the Health industry and was given a home PC by one of my doctors that is heavily infected and that he would like me to clean for him as a favor. I recommended he reformat and reinstall his Windows XP Professional but he has pictures and such on the machine that he doesn't want to lose and would like me to make the attempt.
Also, I've cleaned numerous machines in the past and, since this is a favor, I am treating this as a learning experience and taking a bit of enjoyment from the challenge (it's easier when it's not MY pc that's infected, I suppose).
Now, to business.
I already have the current versions of mbam, ccleaner, superantispyware, hijackthis, spybot search and destroy, zonealarm, and avast burned onto a CD that I use, usually, to clean random PCs with minor malware issues. The CD also has the latest Stinger on it to run off the CD directly.
The PC itself seems to be infected by Spyware Guard 2008, at least, as that's the program that pops up constantly. I'm sure there are other issues, but that's the one that advertises itself.
For starters, the computer will not allow me to browse to any website that contains any instructions on removing ANY virus or malware infection. Once the browser begins loading the site it just shuts down completely--no error message, just closes. ALSO, I am unable to run any of my anti-malware programs from my CD, whether by trying to install directly from the disc or by copying them to my desktop. They won't work under the owner's administrator account, the new administrator account I created for myself to work from, or from the admin account under Safe Mode.
Whenever I try to run any program, no matter how I'm logged on, the installation begins and then just closes by itself. I've renamed the programs, same result. I've even renamed the programs and given them the .bat extension instead of their normal .exe extension and still no luck. They simply will not run no matter their name and extension.
I WAS able to install Spybot Search and Destroy and update it and it was able to locate Spywareguard2008 and Vundo but, though it says that it cleans them, there is no change. Spyware search and destroy is the only program I've been able to install and run and it's of limited (or of no) use.
I've attempted to search my installed components, making sure that Hidden Components are visible, and then searched under the 'Non Plug and Play Devices' and there is no version that I can find of TDSS trojan, which is what I immediately assumed had infected the machine, so I can't Disable it and then run my anti-malware programs.
I've had the computer to play with for about two days now, off and on, and have made no progress, other than installing Spybot which isn't helping. Does anyone have any ideas on what I can try next? I know it's very difficult without my posting a log of some sort, but the computer does not allow this forum to load (any other, but the instant I try a malware removal forum, here or anywhere else, it closes).
Oh, and the first thing I did was disable System Restore, of course, but it seemed to make little difference. Windows update is also unreachable. I even tried downloading Firefox, which was allowed but gives me no more access than before. Google Chrome is not allowed and even a search for it shuts the browser down.
I ran Stinger off the CD and this worked, but Stinger only found one trojan, a downloader, and deleted it and didn't change anything.
Is there anything else I can try that would allow me to install or run the programs I need to run? I've tried renaming them, running them as .bat files, installing them from the CD, from the Desktop, straight download, nada. I haven't tried a thumb-drive as I am not eager to touch any writable media to the machine. It's currently standing alone and I only occasionally give it broadband access with a connection outside my network.
It's a pretty annoying bug. I have to hand it to whoever wrote it ... right before I took a machete to them.
Any advice would be appreciated. Thank you.
PS: just in case I didn't mention it, I'm posting this from my normal PC, not the infected one.