Malware infections disabling safemode problem

[Niclo Iste]

I don't know if many of you have seen this recently or have any input but as of the past 6 months I've seen more and more computers with malware infections that have a disabled safemode. When I say disabled I mean the system will bluescreen every time I try to use safemode. Is there any way to fix this type of issue without a windows disk? I don't mind replacing a file manually but I am remoting a lot more lately and it's a tad bit hard to do a repair install via remote desktop (espeicially if they are half a continent away).

[CCT]

Locally - Detatch the drive, slave and scan from a disinfection computer.

Half-a-continent-away - send them to someone who will detatch the drive, slave and scan from a disinfection computer.

[slgrieb]

Niclo, I'm going to assume you've tried some removal tools in standard mode with no success? If that's the case, you're left with running some removal tools from a boot CD, or pulling the drive. Option B pretty much always gets my vote.

Given the way these nasties mutate, I doubt you'd have much luck doing a manual removal remotely without knowing exactly what you needed to kill first.

[Niclo Iste]

I can successfuly remove them from the PC but even after cleaning safemode is still damaged. My big problem is I can't just remove a drive. Nobody is footing the bill for me to travel to these remote locations and I'm not eating 200+ in travel for a flatrate client who only paid me 129 bucks. I have a feeling it shouldn't be impossible to fix if windows will load in normal mode so the hope is there is a way to fix this without A removing the drive and B using a CD at the location.

Sending a client away isn't an option. I don't get paid hourly I get paid commission.

[slgrieb]

Well, if it won't boot into safe mode, I would suspect the machine's still infected. Of course, I don't know what all's been done to it. I have seen this happen on a couple of machines that were infected with varieties of the Autoruns.VB.Trojans and a couple of the FakeAlert Trojans (per Eset's nomenclature, which Malwarebytes tends to identify as some sort of generic Rogue Antivirus Trojan or Downloader). Have you tried System File Checker on the machine?

[geoscomp]

or have you run chkdsk /r after removing the bugs?

[Niclo Iste]

Geo you made an interesting suggestion. I never thought to try that out. Though if you're suggesting bad sectors that's a lot of failing drives I've seen recently. The next time I get a situation like that I'll try it out. Don't worry I'm sure it will be soon.

[geoscomp]

Nope..not bad sectors, rather file system screwups from the repair process removing things there are calls for

[Ferrit]

Seems to me I am running chkdsk /r alot lately.
Have done so especially after Combofix.
System wouldnt even load without doing it.

[geoscomp]

Yeah..I've noticed the same thing..it's getting so I just do it automatically on every machine that comes in.

[slgrieb]

Seems to me I am running chkdsk /r alot lately.
Have done so especially after Combofix.
System wouldnt even load without doing it.

I'm getting quite a few machines lately that aren't surviving their malware removals very well no matter which tools I've used. Scanned one last night with NOD32 and Malwarebytes and then couldn't get it past an endless reboot loop until I did a repair installation. Before the removal I could get to the desktop, get online, run some apps. That made my 4th of the week that required a repair installation after cleaning, which makes me very angry, very angry indeed.