Solved

Windows Vista has nasty virus. Nothing I tried is working.

Posted on 2010-11-24
5
505 Views
Last Modified: 2013-12-06
Hi all..

Im working on a friends Vista home Premium machine that is infected with something nasty. The Ie search wont change, no antivirus tools will scan. any tool that tries to run a scan closes without error, and the executable for that application corrupts. Any tool I used would just stop and close without error while running a scan. Then the program icon would change so there is an added box on the lower left side of the icon with 2 little people, and when clickin on the application, i would get this error "Windows cannot access the specified device, path or file.  You may not have the appropriate permissions to access the item" no matter what application it was. If I right click on the application, it would look like an MSDOS application.

Here is what I tried so far (both in safe mode and without):

Ran combofix | application crashed before it could run
Ran hijackthis | application crashed before it could run
Ran sophos anti rootkit | found 2 items and removed them, no change, machine still infected
Ran Panda antirootkit | application crashed before it could run
Ran trend micro antirootkit | application would not run due to service not able to start
Ran Microsoft security essentials | application would not run due to service not able to start
Ran Avast Antivirus | application would not run due to service not able to start
Ran Autoruns.exe (winternals) |application crashed before it could run
Ran FileMon.exe (winternals) | application crashed before it could run
Ran offlline scan of hard drive | found and removed 2 threats, virus remains.

Anyone have any other thoughts? I did all this (except the last one) in normal and safe mode.


 Offline Virus scan of hard drive using SATA to USB
0
Comment
Question by:mikovacic_ikon
  • 3
5 Comments
 
LVL 11

Expert Comment

by:yarwell
ID: 34207183
use a bootable AV media like the AVG and Kaspersky rescue CDs. Probably run them both. Sometimes a bad infection requires multiple tools and more than one pass of each tool.

The advantage of the bootable CDs is that you aren't starting the infected operating system and usually they are Linux too.

http://support.kaspersky.com/faq/?qid=208282173
http://www.avg.com/us-en/avg-rescue-cd-download
0
 
LVL 29

Accepted Solution

by:
Sudeep Sharma earned 500 total points
ID: 34207216
To clean and to check if you system is clean do following:

Rename mbam.exe to mbam.com before running it.

Run malwarebytes in Safe Mode with Networking and update it before running a full system scan:
http://www.malwarebytes.org/mbam-download.php

Then try HitManpro to make sure anything which might be left behind is clean:
32bit
http://dl.surfright.nl/HitmanPro35.exe
http://download.cnet.com/Hitman-Pro-3/3000-2239_4-10895604.html

64bit
http://dl.surfright.nl/HitmanPro35_x64.exe

If issue is not resolved by these tools try TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Tutorial on TDSSKiller:
http://support.kaspersky.com/viruses/solutions?qid=208280684

or you could also try FixTDSS.exe from Symantec

http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe

If this does not resolve your issue then try Combofix:

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rename it too to comb.com and then run it

Tutorial on how to use combofix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post logs here for further analysis.

Sudeep
0
 

Author Comment

by:mikovacic_ikon
ID: 34207919
I will try these and let you know how it turns out.. TYVM
0
 

Author Closing Comment

by:mikovacic_ikon
ID: 34230006
Excellent!
0
 

Author Comment

by:mikovacic_ikon
ID: 34230021
Thank you yarwell, but the virus remained after 4 passes. SSharma, looks like TDSSKiller took out the root of the issue and let me run a scan. Thank you very much!
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Operating system developers such as Microsoft (https://www.microsoft.com) and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question