Need help with persistent virus/malware

  • Thread starter: Marianne B.

Marianne B.

I'm helping a friend who has a very nasty infection.

Here are the symptoms:

He has Norton AV, but when I try to open it, it closes immediately, so I can't
scan, update, or even uninstall it.

Any AV or anti-malware utility that I try to install flashes on the screen for
a second and then closes.
Same in Safe Mode.
Same after deleting all temp files.
Same after un-checking all startup items in msconfig.

If I try to go to any of the websites that have online AV scanners,
(TrendMicro, Symantec, McAfee, Kaspersky, Bit Defender, Panda,
F-Secure RAV), Internet Explorer closes or the control downloads
but won't run.

I copied a folder called "AVG" (that contains AVG and the current defs) from a
CD-ROM disk to the desktop.
When I tried to open the folder, it flashed for a second and closed. I renamed
the folder to "stuff" and it opened with no problem, but the AVG installer it
contained wouldn't run.

I couldn't use F-Prot for DOS because the HDD is formatted NTFS, and I
didn't have a Bart PE disk with me, so I didn't try that. This is the first
time I have encountered an infection that could prevent every online scan
from running.

Would appreciate any suggestions.

Thanks,

M.B.
 
Hi,

If you know the name of the malware or the file name, removal will be
much simpler.
You didn't write exactly which utilities you tried to use, but did you try
simple removal tools (some of them remove more than one specific malware)?
- http://vil.nai.com/vil/stinger/
- http://www.avast.com/eng/avast-virus-cleaner.html
- http://www.softpedia.com/get/Antivirus/removerexe.shtml


Check if you can open system tools like regedit, taskmgr or msconfig - you
can check there what is launched when the system starts.

Marcin Domaslawski
 
Iffffffffffff there is nothing on the hard drive the user wants, do a clean
install. Will probably be faster doing it this way than tracking down all
the bad stuff. Don't forget to remove the current partition, replace
it/format it, and then clean install.
Ancient warrior
 
Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
 