I believe my client has the Conficker/Downadup virus. I have tried everything to remove it. His Windows updates weren't working for a very long time so he never received the patch to fix the vulnerability. It appears to be causing problems at the DNS level. Whenever I try to go to an anti-virus vendor's web site or Microsoft site it either doesn't display the page or redirects the browser to an advertisement.
Here is what I have done and the results:
+Turned off System Restore
+Ran tool to clean all temp files
+Ran ComboFix in Safe Mode - removed some things - still infected
+Ran HijackThis in Safe Mode - removed some things - still infected
+Ran Malwarebytes in SM - removed some things - still infected
+Ran Spybot in SM - removed some things - still infected
+Pulled the hard drive and scanned it from another computer using CureIt - removed some things - still infected
+Re-installed the hard drive and ran CureIt in Safe Mode - removed some things - still infected
+Ran AVG in Safe Mode - removed some things - still infected
+Installed XP SP3
+Ran Avenger ( http://swandog46.geekstogo.com/ ) - Nothing found
+Found this web site: http://www.joestewart.org/cfeyechart.html and identified the virus as Conficker B based on the result
+Downloaded and ran the F-Secure Downadup removal tool ( http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml ) in normal mode - Found no infection
+Followed the suggestions for removal from Microsoft ( http://support.microsoft.com/kb/962007 )
+Ran the Microsoft Malicious Software Removal Tool (both a quick scan and full scan) in normal mode - Found no infection
+Followed the steps from the above Microsoft page for manual removal. Got to step 8/9/10 and could not find any service there with any random characters or anything that looked out of place.
+Ran the Norton Downadup removal tool ( http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99 ) in normal mode - no infection found.
That is where I am at now. I can't find any anti-virus tool that will find this virus and remove it. Anyone have any ideas????