Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Windows Vista has nasty virus. Nothing I tried is working.

Posted on 2010-11-24
5
Medium Priority
?
509 Views
Last Modified: 2013-12-06
Hi all..

Im working on a friends Vista home Premium machine that is infected with something nasty. The Ie search wont change, no antivirus tools will scan. any tool that tries to run a scan closes without error, and the executable for that application corrupts. Any tool I used would just stop and close without error while running a scan. Then the program icon would change so there is an added box on the lower left side of the icon with 2 little people, and when clickin on the application, i would get this error "Windows cannot access the specified device, path or file.  You may not have the appropriate permissions to access the item" no matter what application it was. If I right click on the application, it would look like an MSDOS application.

Here is what I tried so far (both in safe mode and without):

Ran combofix | application crashed before it could run
Ran hijackthis | application crashed before it could run
Ran sophos anti rootkit | found 2 items and removed them, no change, machine still infected
Ran Panda antirootkit | application crashed before it could run
Ran trend micro antirootkit | application would not run due to service not able to start
Ran Microsoft security essentials | application would not run due to service not able to start
Ran Avast Antivirus | application would not run due to service not able to start
Ran Autoruns.exe (winternals) |application crashed before it could run
Ran FileMon.exe (winternals) | application crashed before it could run
Ran offlline scan of hard drive | found and removed 2 threats, virus remains.

Anyone have any other thoughts? I did all this (except the last one) in normal and safe mode.


 Offline Virus scan of hard drive using SATA to USB
0
Comment
Question by:mikovacic_ikon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 11

Expert Comment

by:yarwell
ID: 34207183
use a bootable AV media like the AVG and Kaspersky rescue CDs. Probably run them both. Sometimes a bad infection requires multiple tools and more than one pass of each tool.

The advantage of the bootable CDs is that you aren't starting the infected operating system and usually they are Linux too.

http://support.kaspersky.com/faq/?qid=208282173
http://www.avg.com/us-en/avg-rescue-cd-download
0
 
LVL 30

Accepted Solution

by:
Sudeep Sharma earned 2000 total points
ID: 34207216
To clean and to check if you system is clean do following:

Rename mbam.exe to mbam.com before running it.

Run malwarebytes in Safe Mode with Networking and update it before running a full system scan:
http://www.malwarebytes.org/mbam-download.php

Then try HitManpro to make sure anything which might be left behind is clean:
32bit
http://dl.surfright.nl/HitmanPro35.exe
http://download.cnet.com/Hitman-Pro-3/3000-2239_4-10895604.html

64bit
http://dl.surfright.nl/HitmanPro35_x64.exe

If issue is not resolved by these tools try TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Tutorial on TDSSKiller:
http://support.kaspersky.com/viruses/solutions?qid=208280684

or you could also try FixTDSS.exe from Symantec

http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe

If this does not resolve your issue then try Combofix:

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rename it too to comb.com and then run it

Tutorial on how to use combofix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post logs here for further analysis.

Sudeep
0
 

Author Comment

by:mikovacic_ikon
ID: 34207919
I will try these and let you know how it turns out.. TYVM
0
 

Author Closing Comment

by:mikovacic_ikon
ID: 34230006
Excellent!
0
 

Author Comment

by:mikovacic_ikon
ID: 34230021
Thank you yarwell, but the virus remained after 4 passes. SSharma, looks like TDSSKiller took out the root of the issue and let me run a scan. Thank you very much!
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question