Cannot remove multiple trojans/spyware.

Discussion in 'Malware Help (A Specialist Will Reply)' started by peEtr, Jun 29, 2008.

  1. peEtr

    peEtr Private E-2

    I have a friend who cannot do anything with their PC. I am attempting to help them remotely, but cannot figure it out from here.

    When the user attempts to open their web browser, the homepage has been set to an "insecure internet browsing" warning, which prompts the user to click a link. Certain sites are blocked, and if links are clicked from an external source you are redirected to a variety of fake virus scanning websites.

    The user no longer has access to their screensaver or desktop properties.

    I instructed the user to start in safe mode with networking and install Spybot. Initially the install program would not run at all. I had the user rename the file, and they were able to open it. After installing the program it will not open. The start menu link does nothing, and double-clicking the actual program does nothing as well.

    I had the user run SmitfraudFix and a CWS.SmartKiller removal utility (from safer-networking.org). After running these the user was still unable to run Spybot and the problems still exist.

    I have attached the HijackThis log file.

    Thanks for any help you can provide,
    Pete
     


  2. abri

    abri MajorGeek

    Hi peEtr,
    Welcome to MajorGeeks,


    Your HijackThis log shows one difficult bad file. There are probably more we can't see right now. If you go to the READ & RUN ME FIRST, see if you can get the user to download and install CCleaner in either Normal or Safe Mode and run it. Then scroll down to the bottom of the READ & RUN ME and have the user link to the instructions for their operating system and try to get Combofix and the MGTools downloaded and installed, also in either Normal or Safe Mode, and try to run them. If you can get these to run, then attach the Combofix and MGlogs.zip. If this improves things, then have them go back through the instructions and run all those things they weren't able to run before, including MalwareBytes and SuperAntispyware. The instructions are all in the above link.

    Thanks.
    abri
     
  3. peEtr

    peEtr Private E-2

    Couldn't go through the Read me first thread because the user could not install any of those programs except for SuperAntispyware. SuperAntispyware detected several instances of Vundo trojan and said it removed them, but upon restart the problems still persisted and a second scan revealed the same trojans were still there.

    The user ended up formatting.
     
  4. abri

    abri MajorGeek

    Hi peEtr,
    Reformatting should be good enough. Thanks for your part of the work and for letting us know.
    All the best to you!
    abri
     
