Very Infected Laptop, Combofix doesn't run, Random Hangs

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Saneicon, Jun 17, 2009.

  1. Saneicon

    Saneicon Private E-2

    Here's the problem: I was given a computer earlier today, with several issues. Ran SuperAntiSpyware and Malwarebyte's, but when I go to run ComboFix, nothing happens. It shows the loading screen, and then it hangs and does nothing. From there, I need to go and reboot the computer, because nothing will open up, and the taskbar will not work at all. Also, whenever something freezes, Task Manager will not kill the application or process, it won't kill anything.

    When I ran RootRepeal afterwards, it said "Error - Invalid PE Image" or something along those lines (my attempt to screen it didn't work), but I was still able to go and run the program. In the middle of the RR scan I got an error saying "Attempt to read from address: 0x00dd6004", and the program crashed. I got a log of that, and will attach it to this post.

    Order I've done things:
    1. Run SAS, log included
    2. Run MBAM, log included
    3. Attempt to run ComboFix, hung and froze, forcing reboot
    4. Attempt to run RootRepeal, got memory access error, crash log enclosed
    5. Attempt to run RR again, worked this time, log included.
    6. Attempt to run MGtools, Works, log included.
    7. Attempted to boot into safe mode, computer gave constant "\a" sounds (couldn't figure a better way to describe the beep) and a black screen until I forced it off.
    8. Got to the Windows boot recovery, was able to go into safe mode that way.
    9. Attempt to run ComboFix from safe mode, still hangs up and does nothing.

    Attached the logs I did get, can't figure out the issue.
     


  2. Saneicon

    Saneicon Private E-2

    Attached other log.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    First off, you are running two AV programs:
    McAfee
    Avira

    Uninstall one now!

    Run this: Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Please use add/remove programs to uninstall:
    Viewpoint Media Player <-- should have been uninstalled in step 1 of the READ ME
    J2SE Runtime Environment 5.0 Update 2
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7
    Viewpoint Manager (Remove Only)

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Now use windows explorer to find and delete:
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\Tasks\Google Software Updater.job
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job
    C:\WINDOWS\Tasks\ISP signup reminder 1.job
    C:\WINDOWS\Tasks\ISP signup reminder 2.job
    C:\WINDOWS\Tasks\ISP signup reminder 3.job
    C:\32788R22FWJFW

    Now run CCleaner.

    Then check these folders and remove everything left (you cannot remove items from today's date):
    C:\WINDOWS\Temp\
    C:\Documents and Settings\Owner\Local Settings\Temp\

    Now download and install:
    Java Runtime 6

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
