Pain in the neck virus

Maniaman

Got a computer in that belongs to a friend, and it seems to have gotten some pesky persistent little virus. Wasn't showing any symptoms other than redirecting Google searches.

I have run the following:
-TDSSKiller
-ComboFix
-Malwarebytes
-SuperAntiSpyware
-Microsoft Security Essentials offline
-Recovery console fixboot/fixmbr

Everything came back clean except the offline MSE scan which found a Vundo trojan that it cleaned, but the problem still persists. I'm really surprised ComboFix didn't find anything.

One of my other techs took a stab at it and was able to get it to stop the Google redirects. However, when trying to run MSE (the antivirus that was originally installed on the computer), the program launches for a split second and then gets closed/killed. Tried reinstalling it, which didn't help, leading me to believe the virus is still hiding out somewhere.

Any other suggestions? Normally I'd recommend a data backup & wipe/reinstall, but want to avoid that route if at all possible.
 
Not saying this is the situation here but sometimes after you kill a virus there are remnants that are not active viruses but that still give you fits.

Be sure to reset IE (even if they don't use IE). Be sure to check on ALL addons even after reset. Check hosts file, tcp/ip stuff, proxy settings. Check startups with CCleaner including scheduled tasks.

Try other tools like JRT, AdwCleaner, RogueKiller; sometimes they spot things even the big guys don't.

Sometimes your computer is running something that is not seen as a virus but as an addon.

Get a tool to look at the system logs for things at the time of running MSE; it might be dying because of problems with the system and not actual live viruses.
 
Did you run these tools in safe mode? Try running them in normal mode.

Also give MBAR Beta a shot. This is my new favorite anti rootkit tool.

Don't forget to check for rogue partitions.
 
You definitely want to get rid of temp files and other toolbars and addons. Once you're sure you've got the malware and its remnants, I'd do an SFC on it. Make sure you're not missing any system files. You will probably have to check the typical services like BITS (just to name the most obvious one) and make sure they still exist.
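
The hosts file, proxy settings and service checks suggested in the replies above can be gathered in one read-only pass. This is an added example, not part of the original thread; it assumes Windows 7 or later with Windows PowerShell, and the service names other than BITS (`wuauserv`, `MsMpSvc`) are this example's own choices.

```powershell
# Added example: read-only triage of settings named in the thread.
# Nothing here changes the system; it only prints what to review by hand.

# 1. Hosts file: list active (non-comment) entries other than plain localhost.
#    Redirect malware often maps search or AV-update hostnames here.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
"--- Hosts entries to review ($hostsPath) ---"
Get-Content $hostsPath |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |   # strip comments
    Where-Object { $_ -ne '' } |
    ForEach-Object {
        $parts = $_ -split '\s+'
        $names = ($parts | Select-Object -Skip 1) -join ' '
        if ($names -ne 'localhost') { "{0,-18} {1}" -f $parts[0], $names }
    }

# 2. Per-user proxy settings (used by IE and most browsers) and the
#    system-wide WinHTTP proxy. Any value the owner did not set is suspect.
"--- Internet Settings proxy (current user) ---"
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key
"ProxyEnable   : $($inet.ProxyEnable)"
"ProxyServer   : $($inet.ProxyServer)"
"AutoConfigURL : $($inet.AutoConfigURL)"
"--- WinHTTP proxy ---"
netsh winhttp show proxy

# 3. Services that malware commonly deletes or disables.
#    BITS comes from the thread; the other two are assumptions of this
#    example (Windows Update and the MSE antimalware service).
"--- Service presence ---"
foreach ($name in 'BITS', 'wuauserv', 'MsMpSvc') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc) { "{0,-10} {1}" -f $name, $svc.Status }
    else      { "{0,-10} MISSING" -f $name }
}
```

Run it as the affected user, since the proxy values are read from that user's registry hive.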
 
Did you run these tools in safe mode? Try running them in normal mode.

Also give MBAR Beta a shot. This is my new favorite anti rootkit tool.

Don't forget to check for rogue partitions.

^^^^^^^^^
+1 on using MBAR. Also the Avast Boot scan has worked well for me several times.
 