Malware Stopping all Repair Tools

maclaptech

So today I came across a tough one. It shuts down any program that I try to run (ComboFix, Malwarebytes, TDSSKiller, Hitman Pro) and whatever else I used.

I tried to stop the process but had no luck, safe mode, no luck. Anyone else seen this?

I did try Rkill and tried both safe mode and normal Windows.

The process is called something like - 93820198843:9389343123.exe

This is Windows XP Pro Environment.
 
Download a program called RKILL, put it in at the start of the startup folder and restart the computer
 
Did you try Rkill? Did you try renaming the executables that won't run? An offline scan? What exactly have you tried so far?

EDIT: you beat me to it with Rkill Knightsman :D
 
I like using the AVG boot disk for things like this, or just slave the drive to another computer and run MBAM, this will usually get the bulk and get it to boot.
 
I would say boot into Linux, mount the drive and kill the file manually if you know the dir path.
Yup, on rare occasion, that's what you've got to do.

Otherwise, have you tried renaming Rkill to IExplore.exe? And, if necessary, running that renamed RKill in the IE folder? Have you tried the SCR version of it?
 
Or even better, boot into Linux or a Mini XP and disable all startups, and then boot into Windows.

Sent from my Android Thunderbolt.
 
Pulling the drive is always the first step for most viruses for me. There's no reason to try and fix a virus on a booted machine when it takes 1 minute to pop the drive.
 
I don't even bother trying to start removing viruses from the desktop until I use ERD Commander or Bart PE to delete virus start up entries found in the registry. Makes life a whole lot easier!
 
I would use an updated D7 usb stick. It will scan for malware entries before even loading the GUI.

Glad to see that suggestion hehe! Although... only the HKCR\exefile\shell\open\command key gets scanned first thing in D7... Even if that was this malware's launch point, unfortunately it sounds like this malware would terminate D7 before the user had a chance to hit the Fix button on the D7 prompt...

That reminds me of two things:

First, I meant to also have D7 scan the user and system shell values. I need to add that in...

Second, I need to have D7 automatically terminate these potential rogue processes if running - which could possibly help out in the OP's situation - before showing the delete/fix prompt.

Looks like I have to crank out another version...
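The post above describes the two launch points D7 checks (or should check): the HKCR\exefile\shell\open\command default value that runs every .exe, and the user/system Winlogon shell values. As an added example, not part of this thread and not D7's own code, here is a small offline check that parses a .reg export of those keys and flags any value that differs from the stock Windows XP defaults. The known-good defaults, the key list and the sample export are assumptions I have written in for illustration; run it against an export taken from a slaved drive or a rescue-CD session, so the malware is not running while you look.

```python
"""Flag hijacked exe-launch points in a .reg export (added example, not D7 code)."""
import re

# Stock Windows XP values (assumption: adjust for other Windows versions).
# None means "not present by default"; any value there is worth a look.
EXPECTED = {
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": {"@": '"%1" %*'},
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon": {
        "Shell": "Explorer.exe",
        "Userinit": r"C:\WINDOWS\system32\userinit.exe,",
    },
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon": {
        "Shell": None,
    },
}


def parse_reg(text):
    """Parse a Regedit 5.00 text export into {key_path: {value_name: data}}.

    Only REG_SZ values are handled; .reg escapes backslashes as \\\\ and
    quotes as \\", which a single unescape pass undoes.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            name = "@" if name == "@" else name.strip('"')
            if data.startswith('"') and data.endswith('"'):
                data = re.sub(r"\\(.)", r"\1", data[1:-1])
            keys[current][name] = data
    return keys


def find_hijacks(keys):
    """Return (key, value_name, actual_data) for every launch point that is not stock."""
    findings = []
    for path, expected in EXPECTED.items():
        present = keys.get(path, {})
        for name, good in expected.items():
            actual = present.get(name)
            if good is None and actual is not None:
                findings.append((path, name, actual))
            elif good is not None and actual is not None and actual.lower() != good.lower():
                findings.append((path, name, actual))
    return findings


# Constructed sample: exefile hijack pointing at a placeholder rogue binary,
# Winlogon values left at stock. The path is an example, not a real IoC.
INFECTED_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Application Data\\EXAMPLE-rogue.exe\" -a \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''

# Constructed clean export of the same keys for comparison.
CLEAN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''


def check_export(text):
    """Parse and check one export; convenience wrapper for scripts and tests."""
    return find_hijacks(parse_reg(text))


if __name__ == "__main__":
    for label, export in (("infected", INFECTED_EXPORT), ("clean", CLEAN_EXPORT)):
        hits = check_export(export)
        print(f"{label}: {len(hits)} suspicious launch point(s)")
        for path, name, data in hits:
            print(f"  {path} [{name}] = {data}")
```

Because the check compares against a whitelist of stock values rather than looking for a known bad name, it also catches a hijack that uses a different filename than the one in the original post; the only maintenance is keeping EXPECTED right for the Windows version being repaired.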
 
Here is a suggestion

I agree on using the AVG Rescue disc, or try the Kaspersky rescue CD.
You can get the ISO and burn it to a CD. This is a bootable Linux OS with an easy to use GUI interface. Also look for a bootable Linux version of AVG and Malwarebytes.
 