Programs not working after virus removal

MSgherzi (Member, Tehachapi, California)
One thing that has always seemed to stump me was the remaining problems that hang around after you remove malware. For instance, the fact that programs either don't open or quit unexpectedly.

I had one machine like this that I actually ended up just formatting because it was so badly infected, but I have a separate machine now that I managed to remove all of the malware from, but here's what is lingering:

Internet Explorer runs for a few seconds then quits, Internet Options through Control Panel doesn't load, services.msc doesn't load, Revo Uninstaller doesn't load, and when I get to the final screen of updating CCleaner, it just quits. I tried doing a clean boot, going into safe mode, and even using chkdsk just to be sure.

I used ComboFix, Malwarebytes, SpyBot, HijackThis, and some rescue disks to ensure that the malware (around 5-10 trojans and various spyware & adware) was removed. I even made sure by using some other malware scanners. Nothing is detected anymore.

So I guess the question is what to do after you remove malware and you have lingering problems like this, without having to format? In my past experience, malware is usually removed along with the problems they bring.

Thanks!
 
IMO, after you remove malware you should check to see that all the system files are still intact. This is important as any number of Windows security settings or critical files could have been altered by infections.

sfc /scannow
 
If it takes more than an hour trying to fix Windows afterwards and sfc doesn't do it, I do a repair/upgrade install or nuke & pave; sometimes it's just too time consuming to patch Windows after a heavy infection.
 
As stated, try the manual removal method first, then scanners; look for rootkits, reset IE and the hosts file, make sure no hooks are present, check the registry, run chkdsk and sfc /scannow. Oh, don't forget to check for disk problems, memory issues, and other hardware problems, etc.
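The post-cleanup checklist from the two replies above (sfc, hosts file, registry, chkdsk) as a single script. This is an added example, not code posted by anyone in this thread. It assumes an elevated PowerShell prompt on the cleaned machine and standard Windows file and registry locations; the stock `"%1" %*` open command for .exe files is the assumed default it compares against. Where the reply only says "check registry", the script looks at two specific places whose alteration explains programs that start and then quit: Image File Execution Options Debugger values and the .exe file association.

```powershell
# Added example (not from any poster in this thread): post-cleanup integrity
# checks. Run from an elevated PowerShell prompt on the cleaned machine.
# File and registry paths are standard Windows locations; the "expected"
# default values used for comparison are assumptions.

function Get-SfcCannotRepair {
    # sfc /scannow logs every file it examined to CBS.log; lines containing
    # "[SR] Cannot repair" name the files it could NOT restore.
    $log = Join-Path $env:windir 'Logs\CBS\CBS.log'
    if (-not (Test-Path $log)) { return @() }
    Select-String -Path $log -Pattern '\[SR\] Cannot repair' |
        ForEach-Object { $_.Line }
}

function Get-HostsOverrides {
    # Active (non-comment) hosts entries other than the loopback/localhost
    # lines. Infections commonly redirect AV and update hostnames here.
    $hosts = Join-Path $env:windir 'System32\drivers\etc\hosts'
    Get-Content $hosts | Where-Object {
        ($_ -match '\S') -and
        ($_ -notmatch '^\s*#') -and
        ($_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$')
    }
}

function Get-IfeoDebuggers {
    # A Debugger value under Image File Execution Options makes Windows start
    # that path instead of the named program, a classic reason a program "just
    # quits". Developer tools also use it, so review each hit before removing it.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Get-ChildItem $key -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).Debugger
        if ($dbg) {
            New-Object PSObject -Property @{ Program = $_.PSChildName; Debugger = $dbg }
        }
    }
}

function Test-ExeFileAssociation {
    # If the .exe open command was altered, every program launch is routed
    # through whatever the value names. Stock value is "%1" %* (assumed default).
    $cmd = (Get-ItemProperty 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command').'(default)'
    New-Object PSObject -Property @{ Command = $cmd; IsDefault = ($cmd -eq '"%1" %*') }
}

# --- run the checks ---------------------------------------------------------
Write-Host '== sfc /scannow (slow; console output suppressed, results read from CBS.log) =='
& sfc /scannow | Out-Null

Write-Host '== Files sfc could not repair =='
$bad = @(Get-SfcCannotRepair)
if ($bad.Count -eq 0) { Write-Host 'none' } else { $bad | ForEach-Object { Write-Host $_ } }

Write-Host '== Unexpected hosts entries =='
$h = @(Get-HostsOverrides)
if ($h.Count -eq 0) { Write-Host 'none' } else { $h | ForEach-Object { Write-Host $_ } }

Write-Host '== IFEO Debugger entries =='
$ifeo = @(Get-IfeoDebuggers)
if ($ifeo.Count -eq 0) { Write-Host 'none' } else { $ifeo | Format-Table -AutoSize }

Write-Host '== .exe file association =='
Test-ExeFileAssociation | Format-List

Write-Host '== Read-only disk check (schedule chkdsk /F for next boot if errors appear) =='
& chkdsk $env:SystemDrive
```

Treat every hit as something to investigate, not to delete automatically: a Debugger value may belong to a legitimately installed tool, and a file sfc cannot repair on an older Windows may simply need the install media or a clean copy from an identical machine, which is what the recovery-console restore described later in this thread amounts to.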
 
As what normally happens, soon after I posted here, I solved the problem.

I was going to use a program called "DiskHeal" that I found over at "www.computer-realm.net" until I realized that when I ran ComboFix, it wasn't updated to the latest version. I updated it and installed the recovery console. ComboFix found a critical system file that was infected and it restored it from an original using the recovery console.

Somebody should use that program and post back on its effectiveness. Nonetheless, I added it to my thumb drive of tools for the future.

Thanks for the replies!
 
Hot-swap the drive on another machine with MSE installed and run an offline scan on the drive. MSE has found stuff that way that literally every other utility out there missed, including its own installed version in the drive's running OS.

Also, run a HDD diag test just to double check. Sounds fishy to me

EDIT:

Cool, ComboFix takes care of nasty critters 95% of the time. It's odd that an expired version actually ran; in my experience it just stops running and won't even run in reduced functionality mode if it's not the latest version...
 
Hot-swap the drive on another machine with MSE installed and run an offline scan on the drive. MSE has found stuff that way that literally every other utility out there missed, including its own installed version in the drive's running OS.

Interesting. This is the second thread I've read in the last couple of days extolling MSSE. It really seems to be going from strength to strength. I have never used it this way - I have it installed on all of my machines except my work machine, which has Kaspersky - I tend to rely on Sardu for scanning customer machines, but will definitely have a look at this next time I am doing a malware job.
 
I was going to use a program called "DiskHeal" that I found over at "www.computer-realm.net" until I realized that when I ran ComboFix, it wasn't updated to the latest version. I updated it and installed the recovery console. ComboFix found a critical system file that was infected and it restored it from an original using the recovery console.

With ComboFix, you should download a new copy every day. I'm not entirely sure how often they update the program, but it seems to be updated daily. I used to keep a copy on my USB drive, but sometimes if it is old it will just disappear when you click on it. So when I do a virus removal I just get a new copy, either from the computer that has the virus or from my computer, and move it over with a USB drive.

ComboFix is a great tool. I wish we could get more information on it. A guy over on the Maximum PC forums talks about adding scripts to ComboFix. But the author doesn't want any information out.

I just want to add one more thing. Make sure you always download from bleepingcomputer.com. I know of another tech who used to use a different site and he ended up messing up a computer.
 
With ComboFix, you should download a new copy every day. I'm not entirely sure how often they update the program, but it seems to be updated daily. I used to keep a copy on my USB drive, but sometimes if it is old it will just disappear when you click on it. So when I do a virus removal I just get a new copy, either from the computer that has the virus or from my computer, and move it over with a USB drive.

ComboFix is a great tool. I wish we could get more information on it. A guy over on the Maximum PC forums talks about adding scripts to ComboFix. But the author doesn't want any information out.

I just want to add one more thing. Make sure you always download from bleepingcomputer.com. I know of another tech who used to use a different site and he ended up messing up a computer.

I know quite a bit about the tool but as you said, it's basically restricted info. Most of it I have discerned on my own over years of research and use (as I never have "officially" completed training in online malware removal via one of the forums), but I know it to be accurate. It's mostly kept secret to prevent the uninformed and/or the malicious from exploiting it.

Maybe we can open a discussion in one of the private forums or something.
 
I know quite a bit about the tool but as you said, it's basically restricted info. Most of it I have discerned on my own over years of research and use (as I never have "officially" completed training in online malware removal via one of the forums), but I know it to be accurate. It's mostly kept secret to prevent the uninformed and/or the malicious from exploiting it.

Maybe we can open a discussion in one of the private forums or something.

I'd be game for that. Definitely not the kind of info you want in Joey Enduser's hands.
 
You can understand why it's restricted. Look at what has happened now that Ikarus, AVG, and other anti-malware engines have been released. Websites like Scan4You and NoVirusThanks are harvested by hackers trying to crypt their RATs against these highly used anti-malware engines. The last thing you want is a powerful tool like ComboFix becoming useless.

Unfortunately, being open source and publicizing your security information is not always the best decision.
 