Computer infected, can't run AV or Spybot S&D

sucosam

Hi there. I've been looking through some posts and decided it best to post my own issue. Over the last couple of days I've noticed pop-ups appearing very frequently. Instantly I thought virus or spyware/malware. The issue is my AVG software will not scan my computer, nothing happens when I attempt to run it. Email scanner is disabled, and can't be started, same with AVG ID Protection. I downloaded Spybot and HijackThis on another PC to a flash drive and transferred them to my infected machine as I now no longer have an internet connection...so now Spybot will not even install.

I ran HJT and I could see the resulting log pop up for a brief second, but then it disappears. Does it store to a certain location on my hard drive? If so I can get to it this way, but as of right now I'm unable to get this file for posting. Any suggestions on what my next step should be?

Regards,

Sucosam

Anyone have any suggestions on how to proceed in fixing this issue? If the HJT log stores on the C drive somewhere, I can pull it from there and post it, but I don't know the default location. Thx

I have gone through the beginning steps in the "Before You Post" message. My Registry is backed up and when I double click HJT, it appears to run but then disappears without opening Notepad. Whatever issue is on my desktop is preventing any antivirus or malware removal tools from being run.

Can anyone offer a suggestion on how to disinfect my computer?

===================================
If the infection prevents HJT from running, please start a topic, make note of the situation and wait for a response.
"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)
 
Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Download GMER here by clicking the download exe button and then saving it to your desktop:
  • Double-click the .exe that you downloaded
  • Click the rootkit tab and then scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies the log to the clipboard
  • Post the log in your reply.
 
Hi there, thx for helping me out, it is greatly appreciated. Here are the results of the DDS script. The GMER is still running and I will post that shortly.
 
Hi,

Seems that you've run ComboFix by yourself (not recommended to do so without the supervision of a trained helper). Post back the log from that run, please.


IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
 
BitTorrent removed. Don't know where I'd find the log for ComboFix, this was run prior to posting on this help forum.
 
Hi,

I was able to track it, but had some issues getting to it, as Windows Explorer showed the combofix folder as the root of C:\ so it was a never-ending loop with no actual combofix file. I was able to copy it however using MS-DOS. I will paste the result here as it is only a few lines. Please let me know if you require the actual file instead.


combofix.txt:
ComboFix 09-10-15.04 - Colin 10/16/2009 10:30:56.1.2 - NTFSx86
Running from: F:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 72 bytes in 1 streams.
 
Ok. Let's run it again with this set of instructions:

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.



Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
I am rerunning ComboFix as advised. One issue however is that I get the message stating that the MS Windows Recovery Console is not installed and asks me to click "Yes" to have ComboFix download/install it. Problem here is that since the infection, I do not have an internet connection, so this part fails. It does however continue to go through the completed stages, and once complete I will post the result here.
 
NVM, I see the section about manual installation and will do this momentarily once the current progress of combofix is complete. I will then rerun following the same instructions.
 
Here is the combofix log prior to having windows recovery module installed. Shall I rerun combofix after getting this installed?
 
I am so far unable to install Recovery console. Not sure if this is a requirement or not. The reason is due to not having an internet connection from the infected PC. Is there a way to do this without an internet connection? Also, when using the windows CD it messages me saying that the version of Windows I'm running is newer than the version on the CD.
 
Hi,

Which edition of Windows XP do you have - Home or Professional, and what language? Let me know and I'll try to guide you with the manual recovery console install option.
 
Hi,

Download this bootdisk file and transfer it to the desktop of the system we're cleaning. Then drag'n'drop the file to ComboFix as shown in the tutorial.
 
I've downloaded the file, transferred to my desktop, but the infection will not allow me to manipulate desktop icons. I can only select an icon, I am not able to drag it at all.
 
Ok. Then we'll try another way.

Click start->run->write cmd.exe and press enter. Write the bolded command below into the command prompt window and press enter:
ComboFix "c:\documents and settings\colin\desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe"
 
I get the message:

'ComboFix' is not recognized as an internal or external command, operable program or batch file.

I ran this from c:\Documents and Setting\Colin and also from c:\combofix
 
Ensure you have ComboFix.exe on your desktop and use this command:
Code:
"c:\documents and settings\colin\desktop\ComboFix.exe" "c:\documents and settings\colin\desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe"
 