Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

Strange Virus Problem

Avatar of bdhtechnology
bdhtechnology asked on
Anti-Virus AppsVulnerabilities
12 Comments1 Solution1041 ViewsLast Modified:
I believe my client has the Conficker/Downadup virus.  I have tried everything to remove it.  His Windows updates weren't working for a very long time so he never received the patch to fix the vulnerability.  It appears to be causing problems at the DNS level.  Whenever I try to go to an anti-virus vendor's web site or Microsoft site it either doesn't display the page or redirects the browser to an advertisement.

Here is what I have done and the results:
+Turned of System Restore
+Ran tool to clean all temp files
+Run combofix in Safe Mode - removed some things - still infected
+Ran Hi-Jack This  in Safe Mode - removed some things - still infected
+Ran Malware Bytes in SM - removed some things - still infected
+Ran Spy Bot  in SM - removed some things - still infected
+Pulled the hard drive and scanned it from another computer using Cureit - removed some things - still infected
+Re-installed the hard drive and ran Cureit in Safe Mode - removed some things - still infected
+Ran AVG in Safe Mode - removed some things - still infected
+Installed XP SP3
+Ran Avenger ( http://swandog46.geekstogo.com/ ) - Nothing found
+Found this web site: http://www.joestewart.org/cfeyechart.html and identified the virus as Conficker B based on the result
+Downloaded and ran the F-Secure Downadup removal tool ( http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml ) in normal mode - Found no infection
+Followed the suggestions for removal from Microsoft ( http://support.microsoft.com/kb/962007 )
    +Ran the Microsoft Malicious Software Removal Tool (both a quick scan and full scan) in normal mode - Found no infection
    +Followed the steps from the above Microsoft page for manual removal.  Got to step 8/9/10 and could not find any service there with any random characters or anything that looked out of place.
+Ran the Norton downadup removal tool ( http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99 ) in normal mode - no infection found.

That is where I am at now.  I can't find any anti-virus tool that will find this virus and remove it.  Anyone have any ideas????
ASKER CERTIFIED SOLUTION
Avatar of rpggamergirl
Commented:
This problem has been solved!
Unlock 1 Answer and 12 Comments.
See Answers