3 replies to this topic

[hankmanz]

This topic was taken up awhile back, but there was a slight difference in that mbam could still be run.

The PC is running XP SP3 with all updates. IE 7. When I got the PC it had an out of date PC-cillin A/V installed which had last been updated six months before. No firewall of any kind. The complaint was that there were tons of popups. I figured that one of the fake spyware programs was running so installed and ran Anti-Malware which has been effective before.

The problem started with removal of System Guard 2009 with Anti-Malware. The worst of the problems (slow system, lots of popups) went away, but after running mbam once, I could no longer navigate to any of the effective malware removal sites such as malwarebytes, hijackthis, avast, avg, etc. Nor can those programs be run even if already installed. That includes mbam. The machine has apparently innoculated itself against further removal. Can run a few tools such as Ad-Aware and Spybot, but they turn up nothing awful. Have looked at all of the standard stuff like the hosts file. Cannot do an nslookup to check for redirection because with any of the virus/spyware removal sites, the window closes immediately. Have tried another browser. Same thing. This is below the browser level, apparently. A long manual search for files associated with System Guard is negative. Have tried various things in Safe Mode without luck.

Have tried several other spyware detection apps, but apparently if I can get to them and install them, they will not be effective. As previously stated, I cannot install or run any of the known effective tools.

Just to be clear--If I attmept to navigate to many sites, the browser closes abruptly. If I go to DOS and attempt to do an nslookup on a site like, say, avg, the window will close abruptly. If I attempt to run an app such as mbam, it will fail to start. If I attempt to reinstall an app, it will not install. The install windows starts to open, then closes abruptly.

Any thoughts short of blowing the disk away and starting over?

[hankmanz]

It was a long trek, but finally figured it out. After many false starts with various products, loaded a free program called SuperAntiSpyware which allows you to clean memory separately. Found vundo lurking in memory after boot and killed it. This solved the problem of not being able to navigate to various URLs. Then was able to update and run mbam to get the rest of the junk. Could then install antivirus and get the PC working correctly again.

[GT500]

You may also want to use one or more of the following online virus scanners to dig a little deeper:

Comodo Online Scanner
Kaspersky Online Scanner

[Electrobrandino]

Another thing that I do alot is either boot and safe mode and try it, or pull the HDD and slave it in a second pc to scan...have had to do this for many occasions where the virus would not allow MBAM to run. lol

SASW isnt too bad of a program either. I've used it in this case as well

GOOD JOB!