Solved

Combofix always hangs badly infected Acer Laptop

Posted on 2011-09-29
11
2,413 Views
Last Modified: 2013-11-22
I have an Acer Aspire laptop that has been badly infected by a virus picked up by visiting a malicious website.   Its’s the one where your desktop program shortcuts appear to be missing and there is a program suggesting you activate a windows fix.

Have uninstalled anti-virus software to allow combofix to run

First time Combofix ran, it successfully installed the Recovery Module, then successfully created the restore point but hung after it started to run the 50 virus check stages and never completed the first virus check stage (I left it running for about 8 hours).  There is no disk activity and no response to mouse etc.    Have to switch off by holding in Switch Off key. Have tried to run Combofix with normal user logon, in Safe mode and in Safe Mode with networking but always hangs just after starting the virus check stage.

Have also ran SuperAntispyware which did complete and found a few items to delete.

Any ideas for getting Combofix to run or can someone suggest an alternative cleanup app. I have used Combofix many time in the past with great success.
0
Comment
Question by:ianmal2
11 Comments
 
LVL 7

Expert Comment

by:Christopher Martinez
ID: 36816610
Do you have any CD emulators installed and running? i.e. Daemon, Alcohol 120% etc
0
 
LVL 62

Assisted Solution

by:☠ MASQ ☠
☠ MASQ ☠ earned 200 total points
ID: 36816626
Ideally you need a combination of tools to deal with these.
Have a look at younghv's article here:
http://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/A_6550-2012-Malware-Variants.html
0
 
LVL 7

Expert Comment

by:karllangston
ID: 36816638
try running something like AVG's boot cd first then move onto things like malwarebytes in normal mode
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 1

Author Comment

by:ianmal2
ID: 36816973
No CD emulators running.  I'll check out the referenced article and AVGs boot CD.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36817073
You could also potentially find the bad files causing the headache if you boot to UBCD/Slave this HDD and use Autoruns, to "Analyze Offline System". It enumerates all the startup locations. They are often very simple to find, in %allusersprofile%\Application Data, or underneath the user's Local Settings\Application Data directories.....

Autoruns
http://live.sysinternals.com/autoruns.exe

Have you also just tried logging in as another user account? Some of these are USER based, and do not affect the entire system.....
0
 
LVL 1

Author Comment

by:ianmal2
ID: 36817279
Yes I have created another user account where everything seems to work normally.  But Combofix still stops at the same point.
0
 
LVL 10

Accepted Solution

by:
Jim-R earned 300 total points
ID: 36817554
rpgamergirl wrote an article specifically on this infection.  Perhaps you could

find your solution within her article here
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36834004
If you could use the Autoruns util under the other account, and hit the Users option at the top, and select the infected user, we should be able to spot the infection.....
0
 
LVL 92

Expert Comment

by:nobus
ID: 36890100
i can recommend mbam; it runs fast and cleans most problems : http://www.malwarebytes.org/mbam.php       
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 36890878
Try deleting that copy and download a new version of ComboFix, if that was a fresh download then it's possible that the file got corrupted so try getting a new one and see if it works.
0
 
LVL 1

Author Comment

by:ianmal2
ID: 36910168
Thanks for all your help.  Just a couple of thing to note. Had to run Kaspersky Virus Removal Tool before TDSSKiller would run.  Found RKill to be more effective that RogueKiller.

And finally even although laptop is now virus free, combofix still won't run?
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question