Chernesky
asked on
Virus/Malware Preventing ComboFix from running
I am taking a look at a friend's laptop who was complaining that one day several desktop shortcuts appeared out of nowhere and that Windows Defender and AVG popped up with alerts.
My first reaction was to run ComboFix is Safe Mode, however even though it is a fresh download, ComboFix displays a warning that the computer may be infected with a file-patching virus like "Virut". Malwarebytes found 30 items and removed them, however ComboFix still will not run.
I attempted to run Trend Micro Housecall, however the browser will not navigate to that page, it hangs up on searching for 'search.avg.com'. Usually ComboFix is my go-to, but if it won't run even in Safe Mode I'm concerned. Are there are any boot disks that have it pre-installed?
Attached is the HiJackThis log, any input on how to remove this malware would be greatly appreciated.
hijackthislog.txt
My first reaction was to run ComboFix is Safe Mode, however even though it is a fresh download, ComboFix displays a warning that the computer may be infected with a file-patching virus like "Virut". Malwarebytes found 30 items and removed them, however ComboFix still will not run.
I attempted to run Trend Micro Housecall, however the browser will not navigate to that page, it hangs up on searching for 'search.avg.com'. Usually ComboFix is my go-to, but if it won't run even in Safe Mode I'm concerned. Are there are any boot disks that have it pre-installed?
Attached is the HiJackThis log, any input on how to remove this malware would be greatly appreciated.
hijackthislog.txt
Mohamed Osama
try renaming combofix first
ASKER
I should have mentioned that in the original post, I always rename ComboFix before running it because I've had problems with viruses recognizing the name before.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I will head over there now to remove those files, expect an update shortly.
Can you acces this link below, use the Combofix instructions there and see if it runs.
https://www.experts-exchange.com/questions/24455711/ComboFix-and-other-anti-malware-tools.html
https://www.experts-exchange.com/questions/24455711/ComboFix-and-other-anti-malware-tools.html
Another approach that works sometimes, if renaming doesn't fix the problem,
Start in Safe Mode
- Click/Enter username
-- ASAP, CRTL + ALT + DEL to get the taskbar, even before the desktop loads. This is very important. Any programs that run in the applications list, kill it. If you can kill it quick enough, or even get CF turned on before the rogue program does, it will sometimes allow you to run CF.
Start in Safe Mode
- Click/Enter username
-- ASAP, CRTL + ALT + DEL to get the taskbar, even before the desktop loads. This is very important. Any programs that run in the applications list, kill it. If you can kill it quick enough, or even get CF turned on before the rogue program does, it will sometimes allow you to run CF.