Malware Causing Internet Connection & Software Problems

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by BrettOlbrys, Mar 2, 2010.

  1. BrettOlbrys

    BrettOlbrys Private E-2

    Please Help,

    I am trying to fix a laptop. I received it and when turned on, all that showed was the wallpaper. The desktop, the icons, and taskbar were all missing. After doing some investigation, I figured out that "explorer.exe" was missing. I placed a new explorer.exe (renamed it "explorer1") into the Windows directory and edited the registry to look for explorer1. After doing this, I recovered the desktop and all icons, but I still needed help.

    If I RIGHT-clicked my mouse on the desktop, everything would disappear and be just like when I first turned it on. When I looked for the "explorer1.exe" in the Windows directory, that file was now corrupted and was no longer valid. This happened over and over and I am now at "explorer7", having had to replace explorer 6 times and renaming each time.

    On the desktop, there appeared to be 4 or 5 images whose links were broken, so 4 or 5 shells of a window appeared with the typical 3 icons on the top right of each. I could not figure out how to remove, so I finally X'd out of each window and they appear to be gone and so far, explorer7 has not corrupted.

    BUT, I cannot access the Internet with either IE or Firefox. It appears to be some type of proxy setting that has been changed (according to Firefox) and in both browsers, the option/tab to change the proxy server setting has disappeared.

    I have downloaded and tried to run every legitimate malware/spyware/antivirus app I could find, but each time I try to run them, they get half way through a scan and then stop working and when I try to run it again, they are now corrupted as well. I have tried to do the same in Safe Mode, but the same thing happens.

    The ONLY thing I can think of at this point is to try to run some type of malware program on startup (before booting to windows).

    What other suggestions do you have and can you recommend something that will scan/remove malware/viruses before booting to Windows to see if this will work?

    Thanks
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please bear with me whilst I seek advice about how to help you. It may be that Chaslang will take over here, either way just be patient and I promise you that one of us will get back to you with a response. :)
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You did not even tell us what version of Windows and Service Pack is running on the PC so it is a little hard to even recommend too much without this info.

    No matter what version of Windows you have, please use another PC to download the below and then either copy it to a CD or USB flash drive (CD is safe to avoid infection) and then use this to copy it to the problem PC.

    MGtools

    Complete details on running the above can be found here: Using MGtools

    Try running it in normal boot mode. If you run into a problem getting it to complete its scan, then boot into Safe Mode with Command Prompt and run it from the command prompt. To make running it from the command prompt easier, you should make sure that you save it in the root folder of the Windows boot drive. Typically this is drive C and thus you should have C:\MGtools.exe

    Then, from the safe boot mode command prompt, you would enter the below command:

    C:\MGtools.exe

    This should run the scans and produce a log file named C:\MGlogs.zip which you need to get attached back here to your next message. (See: HOW TO: Attach Items To Your Post )

    This may or may not give us enough info to get started. We shall see after your log is attached.
     
  4. BrettOlbrys

    BrettOlbrys Private E-2

    Here is the ZIP file per your instructions.

    Thanks
     


  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hello there.

    1. Before we continue I would like for you to use MSConfig to put this machine back into normal start up mode, if you haven't done so already.

    2. Attach the log from running SUPERantispyware on 3rd March.

    3. Please try and now open MalwareBytes > update > scan > fix all it finds and attach the log it creates.

    4. Now I would like for you to refer back to the Read and Run Me First procedures and run combofix as per the instructions. Also attach the log from this if successful. If you have problems running combofix, then please try renaming it to 123.com and try again.

    If successful with CF then please move onto the below step:

    5. You didn't agree to the Trend Micro HJT license when you first ran MGTools.exe. There is a bug and you have to click "accept" twice to agree.

    Now double click MGTools.exe again, this time agreeing, then attach the new C:\MGlogs.zip file that will be created by running this and also attach the logs from Combofix, SAS, & MBAM.

    6. Let us know of any problems you may have encountered with the above instructions and also let me know how things are running now!
     
    Last edited: Mar 4, 2010
