
Strange Virus Problem

bdhtechnology asked on
Anti-Virus Apps, Vulnerabilities
I believe my client has the Conficker/Downadup virus.  I have tried everything to remove it.  His Windows updates weren't working for a very long time so he never received the patch to fix the vulnerability.  It appears to be causing problems at the DNS level.  Whenever I try to go to an anti-virus vendor's web site or a Microsoft site it either doesn't display the page or redirects the browser to an advertisement.

Here is what I have done and the results:
+Turned off System Restore
+Ran tool to clean all temp files
+Ran ComboFix in Safe Mode - removed some things - still infected
+Ran HijackThis in Safe Mode - removed some things - still infected
+Ran Malwarebytes in SM - removed some things - still infected
+Ran Spybot in SM - removed some things - still infected
+Pulled the hard drive and scanned it from another computer using CureIt - removed some things - still infected
+Re-installed the hard drive and ran CureIt in Safe Mode - removed some things - still infected
+Ran AVG in Safe Mode - removed some things - still infected
+Installed XP SP3
+Ran Avenger ( http://swandog46.geekstogo.com/ ) - Nothing found
+Found this web site: http://www.joestewart.org/cfeyechart.html and identified the virus as Conficker B based on the result
+Downloaded and ran the F-Secure Downadup removal tool ( http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml ) in normal mode - Found no infection
+Followed the suggestions for removal from Microsoft ( http://support.microsoft.com/kb/962007 )
    +Ran the Microsoft Malicious Software Removal Tool (both a quick scan and full scan) in normal mode - Found no infection
    +Followed the steps from the above Microsoft page for manual removal.  Got to step 8/9/10 and could not find any service there with any random characters or anything that looked out of place.
+Ran the Norton downadup removal tool ( http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99 ) in normal mode - no infection found.

That is where I am at now.  I can't find any anti-virus tool that will find this virus and remove it.  Anyone have any ideas?