-
Stubborn Virus
I have been removing viruses for several years and have only had 2 occurrences where I had to format the drive to solve the problem. A coworker of mine who has similar skills says that he has:
Ran System Restore
Ran a deep scan with Malwarebytes with System Restore turned off
Ran AVG, Avast, and SpyBot
This has not helped. It is NOT Antivirus 2009 but does have similar messages. Any attempts to access antivirus sites are redirected. His last attempt to run System Restore produced a message saying, "That Will Not Help You!" Any attempts to print produce messages stating the printer is missing when it is clearly visible in Printers/Devices and set as the default. Some system tray icons are missing.
I apologize for the lack of detailed info but was curious as to what else could be done to solve the problem. He is running XP Pro with SP3 and IE 8.
Thank You!
Jeff
-
Well, the simplest infection I've removed that was missed by tools was an exe file hidden in the startup folder in the start menu. Secondly, you never mentioned using combofix, smitfraud, or vundofix, all of which you should try. In addition, if those fail I could safely say it's a rootkit infector. This I would have to say you may need to research depending on the infector. The tools I use I don't know where to find online anymore, and the names of the executables I have are not the actual names for the original programs.
-
Malwarebytes AntiMalware isn't designed to detect rootkits. AVG is trash. Spybot does a slightly better job against rootkits than MBAM, but it isn't too good either. You really need to run ComboFix. Never download it from any site but bleepingcomputer.com. ComboFix will detect and eliminate most rootkits, but you always want to run it a minimum of twice. If you see the same rootkit, say TDSS3, detected on both passes, download and run Kaspersky's latest TDLKiller.
Once you've eliminated any rootkits, rerun MBAM in full scan mode. MBAM is very good, but it is also sort of a one trick pony. Quick scan will detect most active malware, except for rootkits, but it won't find many of the changes to your networking files, leftover installers, etc. A full scan will find a lot of these, as will Spybot.
Once this is all done, you should confirm that all your network settings are correct. That means verifying that you don't have any unexpected settings for a proxy server, default gateway, DNS server, hosts file, or trusted sites. ComboFix will have deleted your hosts file if it found an infection, and I'd personally run Spybot's Immunize feature to create a new one. If there is any software on the machine that requires specific entries in the hosts file to connect to a site, you'll need to add these entries manually.
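The hosts-file check mentioned in the post above, as an added example that is not part of the original thread: a Python audit that lists every hosts entry other than the normal localhost mapping, so entries pointing security sites at loopback or at an unexpected address stand out. The sample file, the example domains, the addresses and the allow-list entry are all constructed for illustration.

```python
import ipaddress

# Constructed sample; on Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       av-vendor.example www.av-vendor.example   # added by malware
203.0.113.7     update.av-vendor.example
192.0.2.10      intranet.example    # required by line-of-business app
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_number, address, hostname) for every mapping in the file."""
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on blanks
        if len(fields) < 2:
            continue                            # blank or comment-only line
        for name in fields[1:]:                 # one address may carry aliases
            yield lineno, fields[0], name.lower().rstrip(".")

def audit_hosts(text, allowed=()):
    """Return (line, host, address, reason) for entries needing review.

    `allowed` holds (address, hostname) pairs the machine legitimately needs,
    such as entries required by installed software.
    """
    allowed = {(ip, host.lower()) for ip, host in allowed}
    findings = []
    for lineno, ip, host in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((lineno, host, ip, "malformed address"))
            continue
        if (host == "localhost" and addr.is_loopback) or (ip, host) in allowed:
            continue
        if addr.is_loopback or addr.is_unspecified:
            reason = "sinkholed locally"        # site is made unreachable
        else:
            reason = "redirected to another address"
        findings.append((lineno, host, ip, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, [("192.0.2.10", "intranet.example")]):
        print("line %d: %s -> %s (%s)" % finding)
```

To audit a real machine, read the hosts file as text and pass it to audit_hosts together with the entries that machine is known to need.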
-
Yeah, what he said. I am curious as to why you have AVG and Avast on the system. Having more than one antivirus at the same time on a PC is always a good way to foul it up. Stick with a good one and leave it; adding more because "one doesn't work anymore" is just going to make things worse, especially if there is an infector present.
-
Lose both antivirus products, and download and install Microsoft Security Essentials.
-
You're dead wrong if you think using restore or leaving it active will let you clean this. It's hiding in the system restore, so turn it off and do the scanning in safe mode.
2 anti-viruses are just useless as they will conflict with each other, especially when they are as useless as those 2. Use what MobilePCPhysician said.
Microsoft Security Essentials, if you can even install it.