Mother of all infected systems


3 replies to this topic

#1
jlpeifer

    New Member

  • Members
  • 2 posts
My friend has her system soooooo infected with Malware that I simply can't get enough of a foothold to even start the process of removing the infections from her system. Here's a list of the roadblocks I'm encountering...
  • (FIXED) Double-clicking any .exe application in either normal or safe mode resulting in appearance of "Open with..." dialog box.
  • Installed MBAM, but can't get it to run normally or in safe mode
  • Cannot get HJT to run normally or in safe mode
  • Attempts to use Explorer to access System Volume Information (to perform a manual System Restore) result in all Explorer windows being closed (including the desktop).
  • Killing active SVCHOST apps results in an automatic shutdown sequence. I've been able to overcome this by issuing a "SHUTDOWN -A" from the command prompt. SVCHOST apps re-appear on the task list shortly after killing them.
System is running XP Home.

I've helped a few people get out of their problems before and have never had to post here. This one has me painted into a corner.

I'm about to do a fresh install of the o/s, but I figured I'd bounce it off of the forum one time before I nuke the system.

#2
MysteryFCM

    Forum Deity

  • Moderators
  • 4,231 posts
  • Gender:Male
  • Location:Tyneside, UK
I'd recommend wiping the OS. However, if you'd like to try and avoid that, remove the hard drive and put it into a clean machine as a slave drive, then scan it from there with MBAM and ClamWin (www.clamwin.com).

Once the infections are found, you can proceed to fix the .exe association with the following, then put the drive back and finish up the cleaning of any remnants and/or additional infections that may not be found when the drive is not actually running as normal.

.Exe fix for Vista (see the .reg file at the bottom of the article)
http://www.winhelponline.com/articles/165/...pplication.html

.Exe fix for XP
http://www.dougknox..../file_assoc.htm
http://www.kellys-ko...xp.com/xp_e.htm
Steven Burn
Research Engineer


#3
jlpeifer

MysteryFCM... Yeah, the more I think about it, the more I'm convinced that wiping the o/s will simply take less time. I was hoping to get this cleaned just for the principle of the matter. I've never had a system stump me so badly that I couldn't even maneuver.

Thanks for your input.

#4
MysteryFCM

You're welcome :D

As a rule, I generally wipe a system if it gets infected; it depends entirely on how bad the infection is (i.e. if there's a rootkit involved, it gets wiped, as it's generally quicker, as most have recovery media and/or recovery partitions, which takes 20 mins max + however long it takes to remove the drive and backup their personal files).
Steven Burn
Research Engineer
