Malware's preventing most tools from running

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by hamguin, Mar 1, 2009.

  1. hamguin

    hamguin Private E-2

    Attempting to follow the XP cleaning procedure, and none of the tools will run except MGTOOLS, which did run to completion and generated the zipped file.

    Symptoms are: both IE and Firefox either redirect or deny finding websites. For example, cannot get to windowsupdate.microsoft.com--instead, browser is redirected to findstuff.com when I attempt to click on Google search result which points to windowsupdate.microsoft.com. Attempting to go directly there results in a 'page not found' error. Same is true for symantec.com or McAfee.com.

    Spybot did install, but when I run it, it loads a 3MB process I can see in task manager, but never opens.

    Superantispyware will not install. Even after renaming the executable, it crashes with the "SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience" error, which pops up and asks if I want to send the error report to Microsoft.

    Combofix opens the "do you want to run" window, but never continues when I tell it to.

    Malwarebytes' Anti-Malware -- same thing: when I click to run it, nothing happens.

    One detail: Netscape Navigator appears unfazed by the malware. So, I do have a working browser for some web access (Microsoft insists on IE, so I cannot use Windows Update via this browser) on that computer.

    I am attaching the mglogs.zip file.

    One other note: I am actually conversing from a clean machine. I am running logmein to access the dirty computer, and I have verified that the blocked programs are blocked even when sitting in front of the infected machine. At this point, I don't believe logmein is adding any additional trouble.

    Thanks in advance for any advice you can offer!

    Rick
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's start with this:

    Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

    * Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
    * Then search for TDSSserv.sys
    * Let me know if you find this or not.
    * If you do find it, right click on it, and select Disable. Do not try to uninstall it.
    * Also if this is found and you disable it, then reboot and see if you can run the other scans that would not run.

    Use add/remove programs to uninstall:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.1_02
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Viewpoint Media Player

    Now use windows explorer to find and delete:
    C:\Documents and Settings\Julia\Application Data\MJUSBSP
    C:\Documents and Settings\Julia\Local Settings\Application Data\tjnet

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file and any other logs you can run (remember to try them in safe mode).
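    The Device Manager check above can also be done from a script. The following is an added example, not part of TimW's instructions or any MajorGeeks tool; it assumes a Windows host with WMI available and an elevated PowerShell prompt, and the function and parameter names are my own.

```powershell
# Added example: enumerate kernel drivers via WMI and flag the TDSSserv entry
# that the Device Manager "Non-plug and Play Drivers" steps look for.
# Win32_SystemDriver lists the same kernel-mode services Device Manager shows
# once hidden devices are enabled. Hypothetical helper, not a MajorGeeks tool.
function Find-SuspectDriver {
    param(
        [string]$Name = 'TDSSserv',   # service or image name fragment to look for
        [switch]$Disable              # set the start type to disabled (thread's advice)
    )

    $drivers = Get-WmiObject -Class Win32_SystemDriver |
        Select-Object Name, DisplayName, PathName, State, StartMode

    # Match on the service name or the image path, since a driver may be
    # registered under a different service name than its .sys file.
    $hits = @($drivers | Where-Object {
        $_.Name -like "*$Name*" -or $_.PathName -like "*$Name*"
    })

    if ($hits.Count -eq 0) {
        Write-Host "No driver matching '$Name' reported by WMI."
        # Caveat: a rootkit can hide its service from user-mode enumeration,
        # so an empty result does not prove the machine is clean; still check
        # Device Manager and run the scanners in safe mode as described above.
        return $hits
    }

    Write-Host "Driver(s) matching '$Name':"
    $hits | Format-Table -AutoSize

    if ($Disable) {
        foreach ($h in $hits) {
            # Disable rather than delete, as the thread advises; sc.exe changes
            # only the start type, so a reboot is needed before re-running scans.
            # ('sc' alone is a PowerShell alias for Set-Content, hence sc.exe.)
            & sc.exe config $h.Name start= disabled
        }
    }
    return $hits
}

# Report only; add -Disable to apply the change after confirming the hit.
Find-SuspectDriver -Name 'TDSSserv'
```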
     
  3. hamguin

    hamguin Private E-2

    Tim W -- Thanks so much for your reply! Just minutes ago, I was finally able to get MBAM and Combofix to run, first in safe mode after renaming the executables, and then they were both able to run in normal mode.

    A total of seven infected keys or files were found, and eliminating them seems to have done the trick! The machine is now operating normally, and all symptoms are gone.

    I'm going to go ahead and follow your suggestions to remove Java-related vulnerabilities just to be a bit safer going forward.

    As far as I'm concerned, this one is a done deal!

    Thanks again for your help.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let me know if you have further problems.
     
