bad virus

tremmor

Well-Known Member
I have a friend coming over with a computer this afternoon but need some ideas how to handle this. Interesting.

Can't access the internet, Windows starts fine. Can't clean the reg or restore or execute any exe files. Said he tried starting in DOS mode and won't let him. Windows starts fine. Can't go to DOS from Windows. Any ideas how to get started with this? I told him it was a bad one and not good. I have some boot disk here but said I would work on here only. I would not spend a lot of time with it. If needed it will be a wipe and full install.
Any thoughts on what's going on? I mean he can't exe any program. Virus, spyware program or nothing else.
Thanks
 
First thing you will need to do is download rkill.scr onto a flash drive so you can run it on the infected computer. RKill should stop the active process that is stopping the access to the internet and possibly the same infection that is stopping the exe files from running. After running RKill I would download and run ComboFix as it does sound like it could be very nasty. Then download and run Malwarebytes after that.

I'm at work right now but will be home later if you need more help. I can't post download links from my phone.
 
Hi tremmor,

I'm kevinf80, I'm new here, just joined. I found this site while researching some information. I'm a trained security analyst.
Try booting into Safe Mode with Networking. Reboot your PC; as it starts, tap the F8 key continuously until you see the Windows Advanced Menu screen. You will have several options, one will be Safe Mode with Networking, select that and follow the prompts. When you have a stable desktop do as follows:

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Reboot into Normal mode and run Malwarebytes again (quick scan). Post both logs in your reply.

Kevin
 
Thank you.
I will do both if needed.
I have not received the computer yet.
I'm interested though.

And will reply.
 
He called up this morning and said he managed to start in safe mode. It was not with networking though. Uninstalled some programs so far. He's scanning with Malwarebytes and CCleaner. Can access the internet now. Maybe everything is OK. Time will tell.

On the other hand, what is the diff in safe mode (Windows) and with Windows with networking? I think I could always access the net or network with the first anyway.
 