Solved

Windows Vista has nasty virus. Nothing I tried is working.

Posted on 2010-11-24
503 Views
Last Modified: 2013-12-06
Hi all..

I'm working on a friend's Vista Home Premium machine that is infected with something nasty. The IE search won't change, and no antivirus tools will scan. Any tool that tries to run a scan closes without error, and the executable for that application corrupts. Any tool I used would just stop and close without error while running a scan. Then the program icon would change so there is an added box on the lower left side of the icon with 2 little people, and when clicking on the application, I would get this error "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item" no matter what application it was. If I right-click on the application, it would look like an MS-DOS application.

Here is what I tried so far (both in safe mode and without):

Ran combofix | application crashed before it could run
Ran hijackthis | application crashed before it could run
Ran sophos anti rootkit | found 2 items and removed them, no change, machine still infected
Ran Panda antirootkit | application crashed before it could run
Ran trend micro antirootkit | application would not run due to service not able to start
Ran Microsoft security essentials | application would not run due to service not able to start
Ran Avast Antivirus | application would not run due to service not able to start
Ran Autoruns.exe (winternals) | application crashed before it could run
Ran FileMon.exe (winternals) | application crashed before it could run
Ran offline scan of hard drive | found and removed 2 threats, virus remains.

Anyone have any other thoughts? I did all this (except the last one) in normal and safe mode.


Offline Virus scan of hard drive using SATA to USB
0
Question by:mikovacic_ikon
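The "executable corrupts / looks like an MS-DOS application" symptom described in the question can be checked directly on disk: a Windows program starts with a DOS "MZ" header whose 32-bit field at offset 0x3C (e_lfanew) points to the "PE\0\0" signature, and when that signature is missing Windows treats the file as a 16-bit DOS program, which is consistent with the icon change above. The following is an added example, not code from the thread; the sample byte strings are constructed, and `check_tools` is a hypothetical helper that inspects whatever tool paths you pass it.

```python
import struct
from pathlib import Path


def pe_status(data: bytes) -> str:
    """Classify an executable image by its headers.

    'pe'             DOS header plus a 'PE\\0\\0' signature at e_lfanew
    'dos-only'       'MZ' present but no PE signature: Windows treats this as a
                     16-bit DOS program, the state of a scanner whose PE header
                     has been damaged or overwritten
    'not-executable' no 'MZ' signature (or the file is shorter than a DOS header)
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-executable"
    # e_lfanew: little-endian uint32 at DOS header offset 0x3C, offset of the PE header
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "dos-only"
    return "pe"


def check_tools(paths):
    """Map each path to its header status, so a damaged scanner binary is
    recognised before the tool is blamed for 'crashing before it could run'."""
    return {str(p): pe_status(Path(p).read_bytes()) for p in paths}


def _dos_header(e_lfanew: int) -> bytes:
    """Build a minimal 0x40-byte DOS header (constructed sample, not a real binary)."""
    hdr = bytearray(0x40)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    return bytes(hdr)


# Constructed samples: an intact image, one whose PE signature was overwritten,
# and a plain text file that was never an executable.
SAMPLE_INTACT = _dos_header(0x40) + b"PE\0\0" + b"\x4c\x01"   # machine = i386
SAMPLE_DAMAGED = _dos_header(0x40) + b"\0" * 8                  # signature gone
SAMPLE_TEXT = b"this is not a program\n"

if __name__ == "__main__":
    for name, blob in [("intact", SAMPLE_INTACT), ("damaged", SAMPLE_DAMAGED), ("text", SAMPLE_TEXT)]:
        print(f"{name}: {pe_status(blob)}")
```

A result of "pe" only means the headers are intact, not that the file is clean; a scanner that has been tampered with but still carries a valid PE header is only caught by comparing its hash against a fresh copy from the vendor.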
5 Comments
 
LVL 11

Expert Comment

by:yarwell
ID: 34207183
Use a bootable AV medium like the AVG and Kaspersky rescue CDs. Probably run them both. Sometimes a bad infection requires multiple tools and more than one pass of each tool.

The advantage of the bootable CDs is that you aren't starting the infected operating system and usually they are Linux too.

http://support.kaspersky.com/faq/?qid=208282173
http://www.avg.com/us-en/avg-rescue-cd-download
0
 
LVL 29

Accepted Solution

by:
Sudeep Sharma earned 500 total points
ID: 34207216
To clean and to check if your system is clean, do the following:

Rename mbam.exe to mbam.com before running it.

Run malwarebytes in Safe Mode with Networking and update it before running a full system scan:
http://www.malwarebytes.org/mbam-download.php

Then try HitmanPro to make sure anything which might be left behind is cleaned:
32bit
http://dl.surfright.nl/HitmanPro35.exe
http://download.cnet.com/Hitman-Pro-3/3000-2239_4-10895604.html

64bit
http://dl.surfright.nl/HitmanPro35_x64.exe

If the issue is not resolved by these tools, try TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Tutorial on TDSSKiller:
http://support.kaspersky.com/viruses/solutions?qid=208280684

Or you could also try FixTDSS.exe from Symantec:

http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe

If this does not resolve your issue then try Combofix:

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rename it to comb.com too, and then run it.

Tutorial on how to use Combofix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post logs here for further analysis.

Sudeep
0
 

Author Comment

by:mikovacic_ikon
ID: 34207919
I will try these and let you know how it turns out.. TYVM
0
 

Author Closing Comment

by:mikovacic_ikon
ID: 34230006
Excellent!
0
 

Author Comment

by:mikovacic_ikon
ID: 34230021
Thank you yarwell, but the virus remained after 4 passes. SSharma, looks like TDSSKiller took out the root of the issue and let me run a scan. Thank you very much!
0