Hi all,
A friend of mine has a Sony Vaio he uses for his topography and he got it infected with Malware Doctor last week.
Apparently he wanted to install some defragging app and NOD32 was stopping him from doing so (and for good reason). So he disabled the antivirus and installed the app anyway.
He tried some removal procedures from his Google search but his computer's left semi-crippled.
I went in with the UBCD 3.22 and ran SUPERAntiSpyware after updating it. It found a few items and cleaned them out. Then I ran Avira, which didn't find anything (since his NOD32 scan had already found and cleaned a bunch).
He's getting these two errors right after Windows loads:
1. To help protect your computer, windows has closed this program.
Generic Host process for win32 services.
So for some reason, data execution prevention shuts down the generic host process.
2. The instruction at "0x00401000" referenced memory at "0x00401000". The memory could not be written.
Also, the Background Intelligent Transfer Service has been completely destroyed. When I try to run the process I get "Specified file not found". And because this service is dead, the computer can't get any updates, Microsoft updates, Windows Defender updates, Google Updater (for Spyware Doctor), and there might be some other functionality that I haven't come across yet.
Maybe this is also due to the BITS malfunction. Any request for something off the internet takes about a minute to go through. If I try to open Google, for example, on either Firefox, IE, or Chrome... it takes a minute to go (on a 24 Mbit DSL connection).
I tried sfc /scannow, but still the same problems.
I ran GMER and found 3 services and 1 library that came up red. I was not allowed to delete any of them though.
I will download and build the new UBCD now in hopes of getting some new tool. I will also try a repair installation of Windows. (He has XP Media Center on there.)
I'll post a HijackThis log with this.
Thanks for the help.