• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 6750

Removal help: pum.hijack.drives pum.hijack.taskmanager trojan.spyeyes etc

Hi all

Got hit by a flyby yesterday evening - dropped the following onto one XP Pro box:
Trojan.FakeAlert (9)
PUM.Hijack.DisplayProperties (1)
PUM.Hijack.Drives (1)
PUM.Hijack.TaskManager (2)
Trojan.SpyEyes (4)
Rogue.FakeHDD (1)
Trojan.Dropper (1)

The usual pop-ups alerted me to the problem, so I pulled the network connection and ran Malwarebytes.
It removed the above in 2 passes but left me with a crippled box:

Boots OK into the user account, but many desktop icons are gone, user settings are not visible in Windows Explorer, and the RAID1 array appears empty, as does the additional HDD.

Running BartPE from CD shows no apparent data loss on any drive, and the user settings are still there on the system drive, so I need guidance on how to set about restoring the non-viewable items.

The system now appears clean, but I will happily run further diagnostics before reconnecting to the network. I have used ComboFix before and have clean internet access to download anything. The other machine on the network at attack time was not affected.

Obviously I want to get this resolved, so max points for speedy advice.

Thanks

Christopher
Asked: chrisatwork
1 Solution
 
Chris Walsh (Software Developer) Commented:
Have you tried booting into the recovery console to see if you can access disk contents from there?

What are you asking for here? How to re-access your files / get Windows Explorer working correctly again?

Are you trying to get data out before doing a fresh format and reinstall / ghost restore?  (That is what I would recommend)


0
 
rpggamergirl Commented:
If you scanned with ComboFix can you post the log?
Did you update MalwareBytes before the scan?

You can also run RogueKiller and run mode 2, then mode 6, to restore desktop icons and remove hidden flags on folders/files.

There's an article on RogueKiller:
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_4922-Rogue-Killer-What-a-great-name.html
0
 
chrisatwork (Author) Commented:
Hi both
BloodBaz: No, I haven't used the recovery console yet; I wanted to make sure the infection was cleared before proceeding.

rpggamergirl: long time since we had any dialogue; nice to hear from you. Didn't run ComboFix yet, so I have no log. Will try RogueKiller; haven't heard of that before. Will report back on that.

Thanks
0
 
Le_Rocca Commented:
Try this:

Boot the computer up, press F8, and go to Windows Safe Mode with Networking.

Download HitmanPro:

http://www.surfright.nl/nl/downloads/

Then scan your computer; it will remove all the spyware.

Reboot the computer and see if it's off.
0
 
rpggamergirl Commented:
Yeah, I was gone for many months... nice to see you :)

This infection belongs to this rogue family or one of its clones.
If RogueKiller can't remove the hidden flags, just download the "unhide.exe" shown in this tutorial (Windows Diagnostic removal); scroll down the page.
http://www.bleepingcomputer.com/virus-removal/remove-windows-diagnostic


Unhide.exe
http://download.bleepingcomputer.com/grinler/unhide.exe
0
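The two kinds of damage discussed in this thread (the restrictions behind the PUM.Hijack.* detections, and the Hidden attribute a FakeHDD-style rogue sets on the user's own files and folders) can be audited after cleanup with a short script. The following is an added example written for this thread; it is not code from the question, from RogueKiller or from unhide.exe. It assumes, which the page does not state, that PUM.Hijack.TaskManager corresponds to the DisableTaskMgr policy value, PUM.Hijack.Drives to NoDrives/NoViewOnDrive and PUM.Hijack.DisplayProperties to NoDispCPL. It reports only unless -Fix is given.

```powershell
<#
  Post-cleanup audit (added example, not from this thread or any tool it names).
  1. Lists non-zero Explorer/System policy values a rogue typically sets.
  2. Lists files/folders under the given roots that carry Hidden but not System,
     which is how a FakeHDD-style rogue "empties" the desktop and data drives.
  Report-only by default; -Fix removes the policy values and clears Hidden.
  Run as the affected user from an elevated PowerShell prompt.
#>
param(
    [string[]]$Roots = @($env:USERPROFILE, (Join-Path $env:ALLUSERSPROFILE 'Desktop')),
    [switch]$Fix
)

# Assumed mapping of the Malwarebytes PUM.Hijack.* names to policy values.
$policyNames = @(
    @{ Sub='System';   Name='DisableTaskMgr'; Label='Task Manager disabled' },
    @{ Sub='System';   Name='NoDispCPL';      Label='Display Properties blocked' },
    @{ Sub='Explorer'; Name='NoDrives';       Label='Drive letters hidden (bitmask)' },
    @{ Sub='Explorer'; Name='NoViewOnDrive';  Label='Drive access blocked (bitmask)' }
)

function Test-PolicyHijacks {
    foreach ($hive in 'HKCU', 'HKLM') {
        foreach ($p in $policyNames) {
            $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\$($p.Sub)"
            if (-not (Test-Path $key)) { continue }
            $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).($p.Name)
            # Absent or 0 means the restriction is off; anything else is a finding.
            if ($val -eq $null -or $val -eq 0) { continue }
            "[POLICY] $($p.Label): $key\$($p.Name) = $val"
            if ($Fix) { Remove-ItemProperty -Path $key -Name $p.Name }
        }
    }
}

# Names Windows hides on purpose inside a profile; leave these alone.
$legitHidden = 'desktop.ini', 'thumbs.db', 'ntuser.dat', 'ntuser.ini', 'ntuser.pol',
               'AppData', 'Application Data', 'Local Settings', 'Cookies', 'NetHood',
               'PrintHood', 'Recent', 'SendTo', 'Templates'

function Test-RogueHidden($item) {
    $a = $item.Attributes
    $hidden = ($a -band [IO.FileAttributes]::Hidden) -ne 0
    # Items Windows hides itself normally carry the System attribute as well.
    $system = ($a -band [IO.FileAttributes]::System) -ne 0
    return ($hidden -and -not $system -and ($legitHidden -notcontains $item.Name))
}

function Get-RogueHiddenItems([string]$Root) {
    foreach ($item in Get-ChildItem -LiteralPath $Root -Force -ErrorAction SilentlyContinue) {
        # Never follow junctions or symlinks: avoids loops and the protected profile junctions.
        if (($item.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0) { continue }
        if (Test-RogueHidden $item) { $item }
        if ($item.PSIsContainer) { Get-RogueHiddenItems $item.FullName }
    }
}

function Repair-HiddenItems {
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($item in Get-RogueHiddenItems $root) {
            "[HIDDEN] $($item.FullName)"
            if ($Fix) { $item.Attributes = $item.Attributes -band (-bnot [IO.FileAttributes]::Hidden) }
        }
    }
}

Test-PolicyHijacks
Repair-HiddenItems
```

Run it once without -Fix and read the list: anything reported under [HIDDEN] that you know was hidden deliberately can be added to $legitHidden before the -Fix run. For the RAID array and extra HDD that appear empty, pass their roots as well, for example `-Roots D:\,E:\`. The script only repairs the leftover damage; the infection itself still has to be removed first, as the thread describes.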
 
chrisatwork (Author) Commented:
Thanks rpggamergirl, you have once again resolved my problem! RogueKiller restored all but 9 of around 150000 items and Unhide got those.

Thanks also to others for responding.

Christopher
0
 
rpggamergirl Commented:
You're welcome, glad to know it's resolved.

Thanks for using Experts-Exchange!
0
 
Tigzy Commented:
Hello

Do you still have the RogueKiller reports?
0
 
chrisatwork (Author) Commented:
Tigzy

Yes I have the quarantine report for the event, do you want to see it?
0
 
Tigzy Commented:
Not the quarantine report, but the report called something like RKReport[number].txt
0
Question has a verified solution.