Unknown Infection [RESOLVED]



Hey guys, I am working on a PC remotely that is infected. I am trying to get the logs for HJT from the machine to mine to post.

The symptoms:

When surfing you can go just about anywhere until the site comes to a security site like AVG, Norton and such. Anytime I try to download an AV scanner I get "page cannot be found", no matter which scanner. If you try to install Malwarebytes, Spybot, or scanners, the Run/Cancel window opens and after clicking Run nothing happens. Nothing obvious in the Task Manager. I did run HJT, CCleaner, ATF Cleaner, and I have Dr. Web CureIt running now.

Anything I can look at to assist in cleaning this machine? I am doing all scans possible in Safe Mode.

Mike

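One cause of the symptom described above (security-vendor sites unreachable while everything else loads) is a tampered Windows hosts file. The Python triage below is an added example, not code from this thread; the watched-domain list and the sample hosts content are constructed assumptions.

```python
import ipaddress

# Vendors named in the post plus Windows Update; the exact list is an
# assumption for this example, extend it for your environment.
WATCHED_DOMAINS = {
    "avg.com", "norton.com", "symantec.com", "malwarebytes.org",
    "safer-networking.org", "freedrweb.com", "windowsupdate.com",
}
# Pointing a name here silently blocks the site; anything else is a redirect.
BLACKHOLE = {"127.0.0.1", "::1", "0.0.0.0"}

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blanks and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an address: ignore the line
        for host in fields[1:]:
            yield ip, host.lower()

def is_watched(host):
    """True if host is a watched domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)

def find_hijacks(text):
    """Return (hostname, ip, kind) for every watched domain pinned in the file.
    A clean hosts file almost never names security vendors, so each hit is
    worth a look; 'blocked' vs 'redirected' explains what the user saw."""
    return [(host, ip, "blocked" if ip in BLACKHOLE else "redirected")
            for ip, host in parse_hosts(text) if is_watched(host)]

# Constructed sample, not a capture from the infected machine.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
127.0.0.1 www.avg.com avg.com      # vendor sites pinned to loopback
127.0.0.1 www.norton.com
203.0.113.5 www.malwarebytes.org   # redirected to a TEST-NET address
0.0.0.0 download.windowsupdate.com
192.168.1.10 intranet.example
"""

if __name__ == "__main__":
    # On a live machine: open(r"C:\Windows\System32\drivers\etc\hosts").read()
    for host, ip, kind in find_hijacks(SAMPLE_HOSTS):
        print(f"{kind:10} {host:30} -> {ip}")
```

A hosts file is only one way this symptom is produced; a clean hosts file with the same symptom points at DNS or a network filter driver instead.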

Post the Dr. Web log if you have it.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:
    (screenshots: CF_download_FF.gif, CF_download_rename.gif)
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------

  7. Double click on Combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


The infection was TDSS. I inadvertently deleted the folder where I had everything saved. The machine is running 100% better than yesterday. I was able to clean a few infections with Dr. Web CureIt, then after that I was able to install Malwarebytes and AVG. I have been doing this remotely and the users need to do some work for school tomorrow. I will tinker with it more this week late nights.

Thanks for the input. I did download ComboFix to keep in the ol' toolbox.

Mike
