chrisatwork
asked on
Removal help: pum.hijack.drives pum.hijack.taskmanager trojan.spyeyes etc
Hi all
Got hit by a flyby yesterday evening - dropped the following onto one xp pro box:
Trojan.FakeAlert (9)
PUM.Hijack.DisplayProperties (1)
PUM.Hijack.Drives (1)
PUM.Hijack.TaskManager (2)
Trojan.SpyEyes (4)
Rogue.FakeHDD (1)
Trojan.Dropper (1)
Usual pop ups alerted the problem so pulled the network connection and ran malwarebytes
Removed the above in 2 passes but left with crippled box:
Boots ok into user account but many desktop icons gone, User settings not visible in w/explorer, raid1 array appears empty as does additional hdd.
Running BartPE from cd shows no apparent data loss on any drives and user settings still there on system drive so need guidance how to set about restoring the non viewable items
System now appears clean but will happily run further diagnostics before reconnecting to network. Have used combofix before and have clean internet access to download anything. Other machine on network at attack time not affected.
Obviously want to get this resolved so max points for speedy advice
Thanks
Christopher
If you scanned with ComboFix can you post the log?
Did you update MalwareBytes before the scan?
You can also run RogueKiller and run mode 2, then mode 6 to restore desktop icons and remove hidden flags on folder/files.
There's an article on RogueKiller:
https://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_4922-Rogue-Killer-What-a-great-name.html
ASKER
Hi both
BloodBaz: No haven't used recovery console yet, wanted to make sure infection was cleared before proceeding.
rpgamergirl: long time since we had any dialogue - nice to hear from you. Didn't run combofix yet so have no log. Will try RogueKiller - haven't heard of that before. Will report back on that.
Thanks
Try this:
Boot the computer up, press F8, and go to Windows safe mode with network access.
Download Hitman Pro:
http://www.surfright.nl/nl/downloads/
Then scan your computer; it will remove all the spyware.
Reboot the computer and see if it's off.
ASKER
Thanks rpgamergirl, you have once again resolved my problem! RogueKiller restored all but 9 of around 150000 items and Unhide got those.
Thanks also to others for responding.
Christopher
You're welcome, glad to know it's resolved.
Thanks for using Experts-Exchange!
Hello
Do you still have the Roguekiller reports?
ASKER
Tigzy
Yes I have the quarantine report for the event, do you want to see it?
Not the quarantine report, but the report called something like RKReport[number].txt
What are you asking for here? How to reaccess your files / get windows explorer working correctly again?
Are you trying to get data out before doing a fresh format and reinstall / ghost restore? (That is what I would recommend)