When you can't install HijackThis or Malwarebytes!

ell

I struggled with this trojan for hours, I couldn't find a way to install any antivirus programs or even do an online scan to get the %&*! off. Nothing would work, even in safe mode, I even tried to map a drive to the infected Vista from my XP to scan with Malwarebytes from the healthy XP machine, but of course I ran into access roadblocks there as well. Just when I thought I was going to have to pull the hard drive and scan it from another PC, I tried simply renaming the exe files for both Malwarebytes and HijackThis, and ta-dah! they both worked! Don't know if any other newbies out there knew about this trick so I thought I'd share!;)
 
The same thing happens with explorer and rstrui, so if you're having problems starting them, change the names and try again.
 

I'm running chkdsk on it now, however Task Manager is still corrupted, there are no tabs or control buttons visible on the window when you open it, it just shows the processes running. Anybody know how to fix that?
 
Yes I did, didn't help. I just read that clicking on the border of Task Manager can fix it, another DUH, if it does!
 
Finally got this mess cleaned up! She had installed AVG on top of Norton, I don't know how she even did that without warnings, then of course she had trojans, had to rename HijackThis and Malwarebytes to clean that up, but AVG still popped up with a trojan warning, not being able to fix it. I checked Autoruns, Process Explorer, nothing, and Malwarebytes & HijackThis were now clean! Finally I just uninstalled the screwed-up AVG and put Avira on, clean scan. DONE! :mad:
 
This should be one of your first steps, to see what you are up against.

GMER is a good one. I would also run combofix, dial-a-fix and smithfraudfix on this machine too. I am almost certain you are going to find something else.

Please don't take any offense, but are you new to virus removals?

None taken, still a newbie I guess, I've been trying to find good info on how to use them. I've been pretty lucky these last couple of years working mostly on XP, I'm starting to get a lot of referral jobs now so I'm constantly poring over info here. I actually tutored at a college when they got in the first new Macs back in the dark ages, and nobody would touch them, however I didn't go back to computers until recently...things are a BIT different now! Lots of catching up to do!!!
 

AGH!!! You were right, I rebooted and started surfing (even installed IE8) and now I'm getting web page redirects like crazy S**T! The system is running smoothly, that's why I ASSUMED it was fixed, and with no signs in HijackThis and Malwarebytes. Guess I'd better find a GMER tutorial fast! This is a 64-bit Vista machine, I'm not finding many rootkits that support it.:confused:
 
Before you worry about cleanup software you need to read up on what constitutes a rootkit.

When is this computer due to be returned to the customer?
 

Check your hosts file, it might still be borked from a previous infection.

btw- a rootkit is not a kit of roots that you buy for your machine. :p
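The hosts-file check suggested above, as an added example that is not part of the original thread: a small Python audit that parses a Windows hosts file and flags any entry that points a hostname at something other than a loopback or null address, which is the kind of entry that produces the redirects described in the thread. The sample hosts content, the 203.0.113.x address and the example hostnames are constructed for the demonstration.

```python
import ipaddress

# Constructed sample hosts file (not from any real machine). The first three
# entries are normal; the last two redirect real-looking sites elsewhere.
SAMPLE_HOSTS = """\
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example-tracker.test   # ad-blocking entry, harmless
203.0.113.45    www.example.com
203.0.113.45    update.example.net   scanner.example.org
"""

# Addresses that only block a name rather than redirect it.
LOOPBACK_OR_NULL = {"127.0.0.1", "::1", "0.0.0.0"}

# Default location of the hosts file on Windows (Vista included).
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, skipping comments/blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue                          # blank, comment-only or malformed
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)          # ignore lines whose first token is not an IP
        except ValueError:
            continue
        entries.extend((ip, name.lower()) for name in names)
    return entries


def suspicious_entries(text):
    """Entries that send a hostname to a non-loopback address (possible redirect)."""
    return [(ip, host) for ip, host in parse_hosts(text)
            if ip not in LOOPBACK_OR_NULL]


def audit_hosts_file(path=WINDOWS_HOSTS_PATH):
    """Read the hosts file from disk and return its suspicious entries."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return suspicious_entries(fh.read())


if __name__ == "__main__":
    for ip, host in suspicious_entries(SAMPLE_HOSTS):
        print(f"redirect: {host} -> {ip}")
```

On a real machine call `audit_hosts_file()` with no argument to read the live file; an empty list means no entry redirects a hostname away from loopback.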
 

I told her I'd probably have it done today, oh well, another learning experience. Anybody tried Trend Micro RootkitBuster?
 

Hosts file was fine, I found a little AVG rootkit fixer that worked!:D
 
GMER's wicked. It's the rootkit scanner that's included with ComboFix.

Another good one (non-free) is UnHackMe. It's translated from Chinese and the UI is a nightmare BUT it works well.
 

Thanks, good info, I'm going to try it next time.
 
Sometimes renaming will work, sometimes it doesn't. If it doesn't, remove the drive, then run a scan with Malwarebytes Anti-Malware, SUPERAntiSpyware, and your preferred anti-virus application. This will usually do the trick.

I also navigate through the drive and manually delete files that are obviously illegitimate.
 