Windows Vista has nasty virus. Nothing I tried is working.

Hi all..

I'm working on a friend's Vista Home Premium machine that is infected with something nasty. The IE search won't change, and no antivirus tools will scan. Any tool that tries to run a scan closes without error, and the executable for that application corrupts. Any tool I used would just stop and close without error while running a scan. Then the program icon would change so there is an added box on the lower left side of the icon with 2 little people, and when clicking on the application, I would get this error: "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item", no matter what application it was. If I right-click on the application, it would look like an MSDOS application.

Here is what I tried so far (both in safe mode and without):

Ran combofix | application crashed before it could run
Ran hijackthis | application crashed before it could run
Ran sophos anti rootkit | found 2 items and removed them, no change, machine still infected
Ran Panda antirootkit | application crashed before it could run
Ran trend micro antirootkit | application would not run due to service not able to start
Ran Microsoft security essentials | application would not run due to service not able to start
Ran Avast Antivirus | application would not run due to service not able to start
Ran Autoruns.exe (winternals) | application crashed before it could run
Ran FileMon.exe (winternals) | application crashed before it could run
Ran offline scan of hard drive | found and removed 2 threats, virus remains.

Anyone have any other thoughts? I did all this (except the last one) in normal and safe mode.

 Offline Virus scan of hard drive using SATA to USB
Sudeep Sharma (Technical Designer) Commented:
To clean and to check if your system is clean, do the following:

Rename mbam.exe to before running it.

Run Malwarebytes in Safe Mode with Networking and update it before running a full system scan:

Then try HitmanPro to make sure anything which might be left behind is clean:


If issue is not resolved by these tools try TDSSKiller:

Tutorial on TDSSKiller:

or you could also try FixTDSS.exe from Symantec

If this does not resolve your issue then try Combofix:

Download Combofix

Rename it too to and then run it

Tutorial on how to use combofix:

Post logs here for further analysis.

Use bootable AV media like the AVG and Kaspersky rescue CDs. Probably run them both. Sometimes a bad infection requires multiple tools and more than one pass of each tool.

The advantage of the bootable CDs is that you aren't starting the infected operating system and usually they are Linux too.
mikovacic_ikon (Author) Commented:
I will try these and let you know how it turns out.. TYVM
mikovacic_ikon (Author) Commented:
Thank you yarwell, but the virus remained after 4 passes. SSharma, looks like TDSSKiller took out the root of the issue and let me run a scan. Thank you very much!
Question has a verified solution.
