malware crush

Have a customer with a malware crush infection. It blocks AV web sites and prevents NOD32 from running, and CounterSpy finds it but doesn't remove it so that it is really gone.

XP Home
roberttownsend Asked:
 
roberttownsend (Author) Commented:
Well, I'm just finished installing on another hard drive.

Tried the bootcfg /list, no luck.
0
 
IndiGenus Commented:
It would help if we could see what was going on with your computer. I suggest that you download, run, and upload a HijackThis log from the link below.

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php

Click on "Do a system scan and save a log file" button. Post the text from the log file. Do not have HJT fix anything at this point.

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.
0
 
roberttownsend (Author) Commented:
I downloaded HijackThis to my flash drive and tried to install it in regular mode and couldn't, so I copied it to the desktop and then restarted in safe mode, and it wouldn't let me install; it would start to install and then just blow it off.
0
 
Cro0707 Commented:
Probably this infection blocks HijackThis. Try to download Windows Defender and run a system scan. Windows Defender is Microsoft freeware for spyware/malware cleanup. Link for download:
http://www.microsoft.com/athome/security/spyware/software/default.mspx

Hope this helps!
0
 
Jonvee Commented:
Another option is to try 'Stinger', which is a utility that cleans the system of viruses that block antivirus software. Hopefully that will open things up a bit so that HijackThis can have a free run >
 
http://vil.nai.com/vil/stinger/
0
 
Jonvee Commented:
Vundo is known to hide from a HijackThis scan so possibly you'll need to rename Hijackthis.exe to some other name, for example, Hijackthisdifferent.exe, then it should work.
 
Alternatively you could try an already renamed HijackThis exe file download, from here>
http://danborg.org/spy/hjt/alternativ.exe
0
 
Jonvee Commented:
If you still cannot get HijackThis to run you could try running Combofix, which we may well need later in any case.
Download ComboFix and save to your Desktop >
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
You could post that log together with a HijackThis log (if OK by then), in a reply for us.
Please do not mouseclick Combofix's window while it is running, because it may stall.  It is absolutely normal for you to see just a blue screen with flashing cursor, and this can last for up to an hour.  Just let it run.

You may have to disable NAV if you have it installed, it's been reported that it can interfere with the cleanup.
0
 
roberttownsend (Author) Commented:
OK, Windows Defender was on the machine when it got the problem.
Ran Stinger, didn't find anything.
Running ComboFix now.
0
 
roberttownsend (Author) Commented:
Well, after I ran ComboFix, it fixed it and the computer won't boot: HAL error.
I'm just going to do a fresh installation on another drive and transfer info and ghost back to the old drive.
0
 
Jonvee Commented:
Ok.
A bit late now but, is it a HAL.DLL 'missing or corrupt' error?
If yes, it may be just the Boot.ini file that is 'damaged'.
You could insert the Windows XP CD and select the R key (repair option).
Type bootcfg /list < to show you current entries in Boot.ini file.
Then type bootcfg /rebuild < to repair Boot.ini
Exit.
0
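An added example, not part of any post in this thread or of any tool named in it: a Python check for the kind of Boot.ini damage the comment above describes, run against a copy of the file read from the affected drive on another machine. The function name `check_boot_ini` and both sample files are constructed for illustration.

```python
import re

# ARC path as written in a Windows XP Boot.ini, e.g.
# multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
ARC_RE = re.compile(r"^(multi|scsi|signature)\([0-9a-f]+\)disk\(\d+\)"
                    r"rdisk\(\d+\)partition\((\d+)\)\\\S+$", re.I)

def check_boot_ini(text):
    """Return a list of problems found in Boot.ini text (empty = looks sane)."""
    section, default, entries, problems = None, None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        key = key.strip()
        if section == "boot loader" and key.lower() == "default":
            default = value.strip()
        elif section == "operating systems" and sep:
            entries.append(key)
    if default is None:
        problems.append("no default= line in [boot loader]")
    if not entries:
        problems.append("no entries in [operating systems]")
    for path in dict.fromkeys(entries + ([default] if default else [])):
        if re.match(r"^[A-Za-z]:\\", path):
            continue  # drive-letter entry such as a Recovery Console boot sector
        m = ARC_RE.match(path)
        if not m:
            problems.append("malformed ARC path: " + path)
        elif int(m.group(2)) < 1:
            problems.append("partition numbers start at 1: " + path)
    if default and entries and default.lower() not in [e.lower() for e in entries]:
        problems.append("default does not match any [operating systems] entry")
    return problems

# Constructed sample files (not taken from the machine discussed in this thread).
HEAD = "[boot loader]\ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(%d)\\WINDOWS\n"
BODY = ("[operating systems]\nmulti(0)disk(0)rdisk(0)partition(%d)\\WINDOWS="
        '"Microsoft Windows XP Home Edition" /fastdetect\n')
GOOD = HEAD % 1 + BODY % 1
DAMAGED = HEAD % 2 + BODY % 0

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("DAMAGED", DAMAGED)):
        print(name, check_boot_ini(sample) or "ok")
```
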
 
roberttownsend (Author) Commented:
Reformatted the drive.
0