Windows Vista has nasty virus. Nothing I tried is working.

Hi all..

Im working on a friends Vista home Premium machine that is infected with something nasty. The Ie search wont change, no antivirus tools will scan. any tool that tries to run a scan closes without error, and the executable for that application corrupts. Any tool I used would just stop and close without error while running a scan. Then the program icon would change so there is an added box on the lower left side of the icon with 2 little people, and when clickin on the application, i would get this error "Windows cannot access the specified device, path or file.  You may not have the appropriate permissions to access the item" no matter what application it was. If I right click on the application, it would look like an MSDOS application.

Here is what I tried so far (both in safe mode and without):

Ran combofix | application crashed before it could run
Ran hijackthis | application crashed before it could run
Ran sophos anti rootkit | found 2 items and removed them, no change, machine still infected
Ran Panda antirootkit | application crashed before it could run
Ran trend micro antirootkit | application would not run due to service not able to start
Ran Microsoft security essentials | application would not run due to service not able to start
Ran Avast Antivirus | application would not run due to service not able to start
Ran Autoruns.exe (winternals) |application crashed before it could run
Ran FileMon.exe (winternals) | application crashed before it could run
Ran offlline scan of hard drive | found and removed 2 threats, virus remains.

Anyone have any other thoughts? I did all this (except the last one) in normal and safe mode.


 Offline Virus scan of hard drive using SATA to USB
mikovacic_ikonAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

yarwellCommented:
use a bootable AV media like the AVG and Kaspersky rescue CDs. Probably run them both. Sometimes a bad infection requires multiple tools and more than one pass of each tool.

The advantage of the bootable CDs is that you aren't starting the infected operating system and usually they are Linux too.

http://support.kaspersky.com/faq/?qid=208282173
http://www.avg.com/us-en/avg-rescue-cd-download
0
Sudeep SharmaTechnical DesignerCommented:
To clean and to check if you system is clean do following:

Rename mbam.exe to mbam.com before running it.

Run malwarebytes in Safe Mode with Networking and update it before running a full system scan:
http://www.malwarebytes.org/mbam-download.php

Then try HitManpro to make sure anything which might be left behind is clean:
32bit
http://dl.surfright.nl/HitmanPro35.exe
http://download.cnet.com/Hitman-Pro-3/3000-2239_4-10895604.html

64bit
http://dl.surfright.nl/HitmanPro35_x64.exe

If issue is not resolved by these tools try TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Tutorial on TDSSKiller:
http://support.kaspersky.com/viruses/solutions?qid=208280684

or you could also try FixTDSS.exe from Symantec

http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe

If this does not resolve your issue then try Combofix:

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rename it too to comb.com and then run it

Tutorial on how to use combofix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post logs here for further analysis.

Sudeep
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mikovacic_ikonAuthor Commented:
I will try these and let you know how it turns out.. TYVM
0
mikovacic_ikonAuthor Commented:
Excellent!
0
mikovacic_ikonAuthor Commented:
Thank you yarwell, but the virus remained after 4 passes. SSharma, looks like TDSSKiller took out the root of the issue and let me run a scan. Thank you very much!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.