My friends computer is completely messed up

MagiK_11 · Sep 29, 2009

Hey, I'm not a novice at removing infections but my friends pc is completely jacked with some horrible infections.

He had bravix.exe in his startup and also has Antivirus 2010 which I know is an infection among other thins on his computer.

He cannot get online, so I put a bunch of programs on a USB drive and put them on his pc.

90% of them cannot run. I cannot access any file on his desktop unless I use the task manager. He's got like 3 svchost in his processes which I know are infected but whenever I end the process I get some error saying the remote procedure bla bla bla and it shuts down the pc in under a minute.

Disabled his services in msconfig and startup files and went t safemode.

The programs I tried using which do not even open or if they open cannot run are:

Smitrem,
Smitfraudfix,
Sdfix,
Autoruns, (pisses me off I can't run this)
Combofix, (pisses me off I can't run this)
Hijackthis, (pisses me off I can't run this)
Killbox, (pisses me off I can't run this)
Spybot,
Superantispyware,
Malwarebytes,

Was able to run Avast antivirus and told it to run before boot and it found one trojan (forgot to write the name down) and cleaned it but if I run it again it'll find it again. I'll try running it and copying the name down next time.

Ran spysweeper and it says the pc is clean which is bs.

Vundo fix and virtuavundobegone found nothing.

So I tried a lot of different things and even went through the registry to remove all variants of bravix.exe but the problem about me not being able to use the scans I want to use is still present.

Lastly, I tried process explorer and it works but when I try to suspend those damn svchost.exe files I cannot use the taskmanager anymore and that's the only way I can browse around the system.

Any advice?

MagiK_11

MagiK_11 · Sep 30, 2009

I hate bumping threads, but I'm still wondering if anyone has any advice for me concerning this particular problem I'm faced with?

I know I can backup his data and format his pc, but I'm trying to avoid doing that, and all the scans I've tried either didn't work and run and if they did run, they didn't really do much.

Any tip will be useful since I'm very close to formating it.

MagiK11

Major Attitude · Sep 30, 2009

Don't bump threads. These guys can get as far as a week behind, if your in a hurry, sorry, you need to wait your turn.

TimW · Oct 5, 2009

Welcome to Major Geeks!

Please try doing the below:

Download and save the below to your PC (save it anywhere you can find it. The Desktop is fine). Then doube click on it to run it.

AVPFind.bat

It should take a couple minutes to run. You will see a black command prompt window while it is running and it should close when it is finished. Once it finishes, attach the c:\avplog.txt file that is will hopefully create as long as the malware does not block the batch file from running.

Now download and Run exeHelper

Please download exeHelper to your desktop.

Double-click on exeHelper.com to run the fix.

A black window should pop up, press any key to close once the fix is completed.

Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Also please try running the below online scan:

http://www.superantispyware.com/onlinescan.html

Reboot immediately after scanning if it finds and removes anything. Let me know if anything was found. It does not save a log.

Then try running these instructions: Using MGtools

Attach the below logs when finished with all of the above:

C:\avplog.txt - from AVPfind

log.txt - from exeHelper

C:\MGlogs.zip - from MGtools

The C:\ assumes that drive C is you Windows boot drive. If you boot from another drive, then use the correct drive letter above.

MagiK_11 · Oct 5, 2009

I ran all the scans I could but some like MGtools froze but I managed to get a few logs.

There were only two logs from MGtools so I added them instead of zipping it all, hope that's fine.

Thanks for the reply though!

MagiK_11

TimW · Oct 10, 2009

You didnt mention the results of running the online SAS scan.

Now download and save this XPsp3bu.exe to your C:\ root folder. You must do this properly. Now run the XPsp2bu.exe program by double clicking on it. You may or may not notice a quick flash of a black window. This is normal. The program runs quickly and just extracts some files we need.

Now download The Avenger by Swandog469, and save it to your Desktop.

* Extract+ avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* -Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

Files to move:
C:\MGtools\temp\eventlog.dllmg | C:\WINDOWS\system32\eventlog.dll
Click to expand...

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\Avenger.txt
* C:\MGlogs.zip

Log in or Sign up

My friends computer is completely messed up

MagiK_11 Private E-2

MagiK_11 Private E-2

Major Attitude Co-Owner MajorGeeks.Com Staff Member

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

MagiK_11 Private E-2

Attached Files:

avplog.txt

exehelperlog.txt

filelog.txt

GetUnKey.txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member