When you can't install HijackThis or Malwarebytes!

Sometimes renaming will work, sometimes it doesn't. If it doesn't, remove the drive, then run a scan with Malwarebytes Anti-Malware, SUPERAntiSpyware, and your preferred anti-virus application. This will usually do the trick.

I also navigate through the drive and manually delete files that are obviously illegitimate.

I read somewhere that you could map a network drive to it and scan it from a clean PC. Anybody ever tried it? Is it possible to scan networked drives?
 
I struggled with this trojan for hours. I couldn't find a way to install any antivirus programs or even do an online scan to get the %&*! off. Nothing would work, even in safe mode. I even tried to map a drive to the infected Vista from my XP to scan with Malwarebytes from the healthy XP machine, but of course I ran into access roadblocks there as well. Just when I thought I was going to have to pull the hard drive and scan it from another PC, I tried simply renaming the exe files for both Malwarebytes and HijackThis, and ta-dah! They both worked! Don't know if any other newbies out there knew about this trick, so I thought I'd share! ;)

It's well known that many viruses and malware will hide themselves automatically when they see certain programs launched. I was arguing with another guy on some hacking forum because he simply declared a guy's entire computer clean based off a single HJT log.

Do you have a thumb drive with your utilities? If so, do you launch them from there or install them first? If you launch them from your TB like myself, perhaps you'd like to go and rename the .exe's now to save you the hassle later on.

That being said, I would have pulled that HDD and scanned it on another machine before going through all of the steps you did. But I enjoy seeing your ambition.
Good job.
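One way to do the pre-renaming suggested above, as an added example that is not part of the original thread: it copies each tool to the thumb drive under a random name and records a SHA-256 hash so the copies can be checked after the stick has been in an infected machine. The function names, the `manifest.json` file and the placeholder tool files are all assumptions made for this sketch.

```python
import hashlib, json, secrets, shutil, tempfile
from pathlib import Path

def sha256_of(path):
    """SHA-256 of a file, read in chunks so large installers are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def stage_renamed_copies(src_dir, dest_dir):
    """Copy each .exe from src_dir to dest_dir under a random name.
    Returns (and writes) a manifest: new name -> original name and hash."""
    src_dir, dest_dir = Path(src_dir), Path(dest_dir)
    dest_dir.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for exe in sorted(p for p in src_dir.iterdir() if p.suffix.lower() == ".exe"):
        new_name = secrets.token_hex(4) + ".exe"
        while new_name in manifest:          # vanishingly rare collision
            new_name = secrets.token_hex(4) + ".exe"
        shutil.copy2(exe, dest_dir / new_name)
        manifest[new_name] = {"original": exe.name, "sha256": sha256_of(exe)}
    (dest_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def verify_copies(dest_dir, manifest=None):
    """Names of staged copies that are missing or no longer match their hash.
    Pass a manifest kept on the clean bench PC; the one on the stick is only
    a fallback, since anything on the stick may have been altered."""
    dest_dir = Path(dest_dir)
    if manifest is None:
        manifest = json.loads((dest_dir / "manifest.json").read_text())
    return [name for name, entry in manifest.items()
            if not (dest_dir / name).is_file()
            or sha256_of(dest_dir / name) != entry["sha256"]]

if __name__ == "__main__":
    # Constructed stand-ins for the real tools, so the demo runs anywhere.
    with tempfile.TemporaryDirectory() as tmp:
        tools, stick = Path(tmp, "tools"), Path(tmp, "stick")
        tools.mkdir()
        (tools / "mbam.exe").write_bytes(b"placeholder scanner")
        (tools / "HijackThis.exe").write_bytes(b"placeholder log tool")
        kept = stage_renamed_copies(tools, stick)
        print(kept)
        print("changed:", verify_copies(stick, kept))       # nothing changed yet
        next(stick.glob("*.exe")).write_bytes(b"tampered")  # simulate a modified copy
        print("changed:", verify_copies(stick, kept))
```

Run the staging step on a clean machine and keep the returned manifest there; a copy that fails verification should be replaced from the clean source rather than run.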
 
Thanks! Sometimes I put myself through hoops just to learn new tricks! (Glad the customer isn't watching; I'm always careful to back up.) I'm not a big fan of pulling hard drives, especially IDE. I bent a couple of pins once and had to use the end of a mechanical pencil to straighten them out! I just had a very successful remote virus removal from across the country that was fun. Love it when things actually work out once in a while!
 
Roguefix (actually a bat file) will frequently run when others won't and give you enough room to operate.

Even if it fails, it doesn't take long to find out.
 
Removing the disk drives is my strategy also. It helps eliminate infections in RAM, corrupt BIOS, etc. The scans also run much quicker.

Every time I read a story like this, I wonder how people can charge $40 for virus removal and make any money. Some of these will take many hours to eradicate, especially on a 500-GB disk drive.

I have had people call me and say so-n-so says he charges a $40 flat fee to remove all viruses, will you do it for that? I tell them to take it to so-n-so if they really trust him because I cannot do it.
 
If you are doing a scan in the shop, I don't see the difference between a 30 minute scan or a 3 hour scan. I don't sit in front of the machine while it scans. It isn't tying up anything and it's less work to scan it on the live machine. I would only scan it on another box when I cannot boot it there or if there are other issues stopping me from doing so.
 
Right now in my town there are price wars going on because a new place just opened with flat $50 labor on ALL in-shop work. It's killing my business and apparently hurting everybody else's. I noticed a 17 yr biz with two locations suddenly advertising on Craigslist at a $49 flat rate. At least I'm home based with low overhead, but the phone doesn't ring at all now :mad:
 