Solved

Issue removing virus/malware

Posted on 2012-03-22
Last Modified: 2013-11-22
I just ran RogueKiller, TDSSKiller, Malwarebytes, and SUPERAntiSpyware, and I can't seem to get this virus/malware out of an XP Pro SP3 computer.  Although all did come up with some type of virus/malware, I cleaned and deleted each one, but no success.  I'm attempting to run Combofix now, but I'm almost positive that this will not be sufficient either.

Any ideas?

The PC just keeps on hanging, both online and while clicking from one folder to another.  I also verified that no processes other than the normal ones are running.
0
Question by:vulture71
12 Comments
 
LVL 9

Expert Comment

by:joshbula
ID: 37754286
Backup the documents/data, format it and do a clean windows install.  It's the only way you know for 100% sure you'll get it all.
0
 
LVL 1

Expert Comment

by:MetMc
ID: 37754295
Do you know any details of the virus/malware?  Is it popping up with a fake antivirus?  Need a little bit more detail.
0
 
LVL 7

Expert Comment

by:frajico
ID: 37754299
Boot the PC from any boot/rescue CD like:

Kaspersky Rescue CD 10
AVG Rescue CD
Microsoft Defender Offline CD (Microsoft SpySweeper MSSS_Media32.iso or mssstool32.exe)
Panda Security Rescue CD

to analyse and disinfect the HDD and OS without loading any virus/malware.
0
 
LVL 1

Expert Comment

by:MetMc
ID: 37754304
Clean install is typically the best solution, but it is not always the optimal solution depending on the critical nature of the programs installed on the computer and how much difficulty will be involved in reinstalling them.
0
 
LVL 38

Expert Comment

by:younghv
ID: 37754469
If you will post the logs from all of the scanners you used, it will help us better understand what you are dealing with.
0
 
LVL 9

Expert Comment

by:joshbula
ID: 37754693
It has been my experience that by the time I ran every anti-malware scanner, created and ran boot disks, searched for what the scanners found and tried those solutions from blogs or forum posts, registry edits, removed services, etc... I ended up spending more time trying to clean it than I would have spent doing a backup, format, and clean re-install of everything, including obscure and hard-to-install software.

I've learned the hard way that a format and clean install is the most efficient way to get rid of malware, and the only way to make sure it's completely clean.
0
LVL 14

Expert Comment

by:shahzoor
ID: 37755234
Take out the hard drive.
Connect it to a different computer via USB.
Make sure it's a healthy computer with the latest antivirus, and it must be a different antivirus than what you are using.
Perform a deep scan operation on the hard drive.
Further, run a disk check as well.
I am sure it will remove all viruses + malware etc :)
0
 
LVL 38

Expert Comment

by:younghv
ID: 37755263
shahzoor - the old technique of "Slaving" a hard drive for a scan is not effective against current malware variants. The system needs to be booted to the Windows OS to identify and clean the malware.

Additionally, "Slave Scans" can erroneously delete critical system files without the Windows File Protection service running. A sure way to cause a BSOD.

Read more details here: Malware Fighting – Best Practices
0
 
LVL 5

Expert Comment

by:9660kel
ID: 37759468
Knowing what RogueKiller found would be very helpful in moving this further. If you could post the log file, that would be great.
0
 

Author Comment

by:vulture71
ID: 37763952
Sorry guys,

I just ended up starting from scratch.  Thanks for all your help.
0
 
LVL 5

Expert Comment

by:9660kel
ID: 37764036
I guess we'll never know if it was a 15 minute fix or not then.
0
 
LVL 38

Accepted Solution

by:
younghv earned 500 total points
ID: 37765180
vulture71,
I see that you are a brand new member here on EE, so please take the time to learn how to ask (and manage) the questions you post.

More details here:
http://www.experts-exchange.com/help/viewHelpCategory.jsp?helpCategoryID=3 and
http://www.experts-exchange.com/help/viewHelpPage.jsp?helpPageID=13

At this point you have asked 14 questions, abandoned (at least) 2, and never did have the courtesy to respond to any of the volunteers who tried to help you with this malware problem.

In case you haven't figured it out yet, the Experts (all volunteers) here on EE are some pretty smart people. When you continually ignore their efforts, some will decide to return the favor.
0
