Thread: Malware stops applications

  1. #1
    Junior Member
    Join Date
    Jan 2010
    Posts
    2

    Malware stops applications

    I was trying to help my client remove some malware from his website and got myself infected. My #1 symptom is that the possible malware is blocking most applications from executing when logged in with default Admin login.

    Applications which are being blocked right now are most of the popular anti malware applications including spybot, sas but also other applications such as Adobe apps and it's also blocking newly installed software from executing.

    Another symptom I have is that the desktop constantly refreshes (blinking) immediately upon login. I checked the event viewer which basically says that the winlogon.exe is crashing explorer.exe. The only way I am able to stop this constant refreshing is by running combofix.exe via task manager right upon login.

    I found this very interesting as combofix isn't really supposed to run on my system which is WIN2k Advanced Server SP4. But it seems to be the only tool I found that stops the desktop refresh and I am actually very very happy about that, as my symptoms when logged into safe mode are almost identical.

    I found a workaround by connecting to the machine via Remote Desktop Connection (RDC). When connected with RDC everything works fine. I am able to run all programs.

    Hopefully this will help someone who is in the same situation and unable to run Anti Virus programs even in safe mode. In order to establish a successful RDC connection, make sure that all required services are started such as Terminal Services and others.

    Unfortunately, the scanners that I ran including the ones mentioned above + Malwarebytes, even Kaspersky and Panda online scans did NOT pick it up and I still have both symptoms.

    Does anybody know if there is a way to overwrite the current admin profile with the same profile that's created when a RDC connection is established?
    Or should I approach this a different way?

    Any advice, comments or assistance you may be able to provide is highly appreciated.


    Thank you all in advance,
    Chris
    Last edited by tashi; 2010-01-30 at 19:00. Reason: Edited topic subject

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,471

    Hello Chris007,

    FYI, forum FAQs: Do NOT run 'FIXES' (ComboFix etc) without being asked

    "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Also,
    If someone posts advice to others in their own topic as in, "this worked for me", it will be removed. Just so you know.
    Originally posted by Chris007:
    "I found this very interesting as combofix isn't really supposed to run on my system which is WIN2k Advanced Server SP4."
    Tools used by volunteer helpers may not be compatible with WIN2k Advanced Server SP4. The purpose of this forum is to help members with personal computers.

    Best regards.
    Last edited by tashi; 2010-01-30 at 19:08. Reason: clarify
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Posts
    2

    Don't worry about it. I'll figure it out myself. I thought this was a place where people help one another. I guess I was wrong and I'll go somewhere else then.
