Can't get it off PC!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Malcolm316, Aug 26, 2011.

  1. Malcolm316

    Malcolm316 Private E-2

    I have a malware/rootkit on a PC that has effectively and successfully subverted all attempts to remove it. It will allow the removal software to install, but it will not allow any of them to run. I have tried to run Malwarebytes, SUPERAntiSpyware, and RootRepeal, all with no success. They will start running and then shut down. Any suggestions? I am at my wits' end, and I consider myself to be an advanced tech.
     
  2. thisisu

    thisisu Malware Consultant

    Hi and welcome to Major Geeks, Malcolm316!

    Let's give these a try. If something isn't able to run, continue with the next step.

    Now download exeHelper by Raktor.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file named exeHelperlog.txt will be created in the directory where you ran exeHelper.com
    • Attach the exeHelperlog.txt file to your next message. (How to attach items to your post)
      Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    Now we need to run TDSSKiller by Kaspersky
    Follow the instructions here and attach your log when you are finished. (How to attach items to your post)

    Please download MBRCheck by GeeksToGo to your desktop.
    See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif
    • Double click MBRCheck.exe to run (Vista and Win7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (How to attach items to your post)

    Also, have you been able to run MGtools.exe? - Using MGtools
    If you were successful in running MGtools.exe, attach C:\MGlogs.zip to your next message. (How to attach items to your post)

    After attempting to run the above, I would like you to retry running SAS, MBAM, and ComboFix. Then attach those logs as well.

    Refer back to READ & RUN ME FIRST Malware Removal Guide for instructions on how to run these programs.
     
