3 replies to this topic

[RobC]

My wife's computer is infected with a very aggressive virus (possibly a new TDSS variant...) that has defeated the original McAfee virus protection and all system guards. All of the security tools have been disabled now, as well as Internet Explorer.
Per the instructions in the "I'm Infected" forum posting-
I tried installing and using Malwarebytes Anti-Malware MBAM tools, and also installing and running Avira Anti Virus. The infection is blocking the installation of MBAM (also posts a ballon), but I had been successful with loading Avira AV- but then it was quickly blocked and can't be accessed again. The saved log from Avira has dissappeared. I'm not sure if it helps but I was watching the Avira scan progress closely (in hopes it would be successful) and noted some of the detections it registered:
HTML/Malicious.PDF.gen
TR/Dldr.Fraud.Lo.sxm
ADSPY/AltnetB.4

This may be an ignorant question, but does Avira not quarantine or remove the malware it detects? Maybe I missed something on the program interface, but couldn't find that option, which is dissapointing since it was so difficult getting it to run because of the infection.

I had also had some Eldycow files show up when I ran Yahoo CA Anti-Spy- one of the few programs I was able to run before being totally blocked. They should have been quarantined and removed if Anti-Spy worked.

I haven't had any luck opening or running any removal tools, can't get HiJackThis to open and install, and now cannot even open Internet Explorer (all associated shortcuts that use IE now show as an unexecutable file type).

A rogue program calling itself "Protection System" is continually posting pop-up or fake security balloon messages that bog down the system while trying to work with the computer.

I posted this problem on the BartPE forum [http://www.nu2.nu/pebuilder/ ] and asked if there was any way to run the removal tools from a boot disk or command prompt, hoping I could beat the virus without running Windows. I'm not a tech expert but have a basic knowledge, and can catch on fairly quick- I'm just a little lost on how to begin. I want to make a BartPE (or other utility) CD-Rom that will allow me to install and run MBAM and removal tools, but I have a problem-

I am not sure where the Windows XP disk for my wife's computer is, and my laptop uses Vista so I don't know how to proceed.
I'm sure the windows installation files are somewhere on my wife's computer- I just don't know the exact file path, and the infection makes it hard to work in Windows without pop-ups and blocked access by the virus program.

How can I build a clean Boot CD, or PE CD that will allow me to install and run the Malware removal tools in a PE environment or some other work-around?

Thanks,

Rob

[prairie dog]

Already posted in the HJT log forum.

Please do not start multiple threads on the same topic. You will be taken care of in the HJT log forum. Thanks!

[RobC]

Sorry if that was a forum no-no,
I was under the impression that a different sorts of moderator/advisors worked different parts of the forum, hence the multiple posts in different areas. My intent was to get as broad a spectrum as possible for reviewing and input on the overall problem I'm having.
Since I can even install and run HJT in order to post a log in that section, I thought I should post the problem here.
This is one bear of an infection that has basically rendered my wife's computer into a useless box that sucks electricity.

[yardbird]

Hi RobC!

If you can't run or install in the HiJack-Log Forum, Please stay in that forum since all the tools to get you fixed up are in that HJK forum... when your all fixed up in the Hi Jack Log forum, feel free to post outside the HJK forum... regards...