Usually able to fix virus problem... but finally beaten

[jsmitharine]

My original problem post is under the Microsoft OS forum and is titled "Usually able to fix virus problem...but finally beaten"

The virus/malware/spyware has still managed to disable access to major anti-virus websites and downloading off of Microsoft. I figured it would be safe to go-ahead with HijackThis. I attached the log but am not sure as what to do with it. Please help.

 

[adu123]

The virus/malware/spyware has still managed to disable access to major anti-virus websites and downloading off of Microsoft

I'm not sure what do you mean by this.

If you think your computer is infected (describe the symptoms), please follow the 8-step Viruses/Spyware/Malware Preliminary Removal Instructions ,and post the requested logs.

 

[jsmitharine]

Whenever I try to download something of the Microsoft website, I get an web page that says that the page cannot be accessed. Whenever I try going to a major anti-virus software site, like Avast.com, it does the same thing.

I followed the 8 steps but Malwarebytes always crashes when I try to install or uninstall it. SUPERantispyware won't even start installing, there's always an error and automatically closes.

 

[rf6647]

Running both of these is not helpful. Pick one; uninstall the other.

Avira AntiVir
avast! Antivirus

This could be all that it takes to get you moving on the 8-steps. Otherwise, read on.


This is the preferred tactic to disable trojans using the non-plug N play exploit. There are others.

Special case where after installing MBAM and SAS they will not update or run
Read here: https://www.techspot.com/vb/topic116603.html

If the logs inform on the 'TDSS' trojan, 'Supplement to the guide' instructions will apply. I've recommended this more than once or twice this week.

 

[jsmitharine]

Disabling the TDSS trojan was the answer! I am now able to download and correctly install and use Malwarebytes and SUPERantispyware. I attached the logs after completing the 8-steps. Anyone know what I should do?

 

[rf6647]

It's helpful when you call attention to findings, as you did, and adding symptoms is useful for understanding the threat / infection. For your case, we will supplement our guide with a special scan / tool. Please review the 8-step guide for MBAM usage.

Observation: More progress is needed.

• Your logs show found but unanswered items - React to unanswered items appearing in scan logs
• NO Action’ - Remove Selected when offered by MBAM
• 'Delete on Reboot’ - Restart the computer after concluding the scan

Overview -

• ComboFix is a very effective tool that scans / fixes hard to clean infections. Additionally, it includes diagnostic information.
• Uninstall old copy of ComboFix

Supplement to guide. Successive scans used to uncover additional infections.

• Update both MBAM & SAS. Rerun them both.
  
  
• This effort is complete when logs report NO infections/threats, or reporting something it can not clean.
  • Typically extra repeat scans are not needed
  .
  
• Follow ComboFix instructions referenced below.
  
  
• Scan with HJT. (part of instructions for ComboFix)
  
  
• Posts logs. Report progress & what changes are observed. Include logs that found infections.

Uninstall Combofix - if present on the computer

Simplified Instructions for ComboFix + link to download
How-to-use instructions - full version

Please see this for instructions:
Temporarily Disable Real Time Monitoring Programs:

• 1 Spybot S&D (Teatimer)
• 2 Ad-Aware Ad-Watch
• 3 Spywareguard
• 4 Windows Defender
• 5 TrojanHunter Guard
• 6 Disable SpySweeper
• 7 WinPatrol
• 8 CounterSpy
• 9 AVG Anti-Spyware (formerly ewido)
• 10 Spyware Doctor
• 11 Prevx
• 12 ProcessGuard
• 13 ZoneAlarm's OS Firewall
• 14 Ad-Aware 2007 Service