malware crush

Have a customer with a Malware Crush infection. It blocks AV web sites and prevents NOD32 from running, and CounterSpy finds it but doesn't remove it so that it is really gone.

XP Home
roberttownsend Asked:

IndiGenus Commented:
It would help if we could see what was going on with your computer. I suggest that you download, run, and upload a HijackThis log from the link below.

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php

Click on "Do a system scan and save a log file" button. Post the text from the log file. Do not have HJT fix anything at this point.

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.
0
roberttownsend Author Commented:
I downloaded HijackThis to my flash drive and tried to install it in regular mode and couldn't, so I copied it to the desktop and then restarted in safe mode and it wouldn't let me install; it would start to install and then just blow it off.
0
Cro0707 Commented:
Probably this infection blocks HijackThis. Try to download Windows Defender and make a system scan. Windows Defender is Microsoft freeware software for spyware/malware clean-up. Link for download:
http://www.microsoft.com/athome/security/spyware/software/default.mspx

Hope this helps!
0
Jonvee Commented:
Another option is to try 'Stinger', which is a utility that cleans the system of viruses that block antivirus software. Hopefully that will open things up a bit so that HijackThis can have a free run:
 
http://vil.nai.com/vil/stinger/
0
Jonvee Commented:
Vundo is known to hide from a HijackThis scan so possibly you'll need to rename Hijackthis.exe to some other name, for example, Hijackthisdifferent.exe, then it should work.
 
Alternatively you could try an already renamed HijackThis exe file download, from here>
http://danborg.org/spy/hjt/alternativ.exe
0
Jonvee Commented:
If you still cannot get HijackThis to run you could try running Combofix, which we may well need later in any case.
Download ComboFix and save to your Desktop >
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
You could post that log together with a HijackThis log (if OK by then), in a reply for us.
Please do not mouse-click ComboFix's window while it is running, because it may stall. It is absolutely normal for you to see just a blue screen with flashing cursor, and this can last for up to an hour. Just let it run.

You may have to disable NAV if you have it installed; it's been reported that it can interfere with the cleanup.
0
roberttownsend Author Commented:
OK, Windows Defender was on the machine when it got the problem.
Ran Stinger, didn't find anything.
Running ComboFix now.
0
roberttownsend Author Commented:
Well, after I ran ComboFix, it fixed it and the computer won't boot: HAL error.
I'm just going to do a fresh installation on another drive and transfer info and ghost back to the old drive.
0
Jonvee Commented:
Ok.
A bit late now but, is it a HAL.DLL 'missing or corrupt' error?
If yes, it may be just the Boot.ini file that is 'damaged'.
You could insert the Windows XP CD and select the R key (repair option).
Type bootcfg /list < to show you current entries in Boot.ini file.
Then type bootcfg /rebuild < to repair Boot.ini
Exit.
0
roberttownsend Author Commented:
Well, I'm just finished installing on another hard drive.

Tried the bootcfg /list, no luck.
0
roberttownsend Author Commented:
Reformatted the drive
0