Friend's PC is toast!
Hey, I'm not a novice at removing infections and use to be a spyware/virus technician for a few companies but my friends pc is completely jacked with some horrible infections.
He had braviax.exe in his startup and also has Antivirus 2010 which I know is an infection among other thins on his computer.
He cannot get online, so I put a bunch of programs on a USB drive and put them on his pc.
90% of them cannot run. I cannot access any file on his desktop unless I use the task manager. He's got like 3 svchost in his processes which I know are infected but whenever I end the process I get some error saying the remote procedure bla bla bla and it shuts down the pc in under a minute.
Disabled his services in msconfig and startup files and went t safemode.
The programs I tried using which do not even open or if they open cannot run are:
Autoruns, (pisses me off I can't run this)
Combofix, (pisses me off I can't run this)
Hijackthis, (pisses me off I can't run this)
Killbox, (pisses me off I can't run this)
Was able to run Avast antivirus and told it to run before boot and it found one trojan (forgot to write the name down) and cleaned it but if I run it again it'll find it again. I'll try running it and copying the name down next time.
Ran spysweeper and it says the pc is clean which is bs.
Vundo fix and virtuavundobegone found nothing.
So I tried a lot of different things and even went through the registry to remove all variants of braviax.exe but the problem about me not being able to use the scans I want to use is still present.
Lastly, I tried process explorer and it works but when I try to suspend those damn svchost.exe files I cannot use the taskmanager anymore and that's the only way I can browse around the system.
Therefore, if any of you are really technically inclined any help will be useful since I'm a nose hair away from saving his data and formating his pc!!
YOur best bet would be combofix,
But if it is that bad off I would reinstall. The chances of it working correctly after that bad of an infection are slim...
The only two programs I would need to fix this issue is killbox and autoruns, but combofix would have helped a lot as well. I'm about to format it but as a tech I'm very very stubborn, and try everything before I format!
dudeabides gave me a tip though, and said I should try to take the hd out and put it in another pc. (my friend's pc is a dell inspiron notebook and i have one as well) So I'll try that since he said he had a similar problem and someone did that and it worked.
Who knows, but it can't hurt to try that if i'm going to format it anyways.
True, that may work. I am pretty stubborn myself when it is my PC, but if I am fixing other people's it is usually for money and then I am going to minimize my cost and do the easiest thing to fix their computer while saving their data if I can.
I have several programs that I use to remove the trojans and viruses. I would try Trojan Remover as well. It is a small program that the virus makers sometimes forget to block from updating and it lets you get enough of them off to get something like Malwarebytes(my favorite) on there to do some real removal.
Also you may want to try an online removal program...let me see if I can find the one I had to use last time...hmm..can't seem to find it. There was a free online removal tool somewhere but I can't remember what it was called.
I'm at work now and can't check those links but I'll check them when I get home...thanks.
I can't get online though with his system, so trying an online scanner is out of the question. I just want to nuke the damn thing now!
And I'm like you, when people pay me I minimize my cost and save their data and format, and then create a ghost backup on cd, once everything is clean with all their data on it.
But when I fix good friend's pc's I treat them like my own.
Oh, and I'll try trojan remover. I tried Trojan Hunter which use to be free, but now when I scan his system it says it found 2 infections and forces me to buy it to remove them, which is ghey! :sarcastic12:
IMHO, once those varmints are memory resident they are pretty hard to stamp out.
I typically will gank the sys drive outta the PC and hook it up to mine via eSata then run any kind of anti virus utils on em. This way, the sigs of the trojans & virii can be id'd & nuked in one swift blow.
Its also good practice to keep your sys drive clean from any data ... like pictures, home vids, personal docs... so that you can schedule an image and rollback if necessary to a prior clean state. I usually have a separate physical HDD for the OS... and its usually a small partition too... say 100 GB... then the other 900 can be used for disk images of the OS + any other kind of static data (so that the disk doesnt thrash when paging memory out).
I even leave detailed instructions on what they should do and they don't even run the scans I put on and check tons of streaming sites, so it's their own fault.
But that was some very good info, so I repped ya!
You ran Smitfraudfix in safemode right? And did the cc cleaner it has? I'm suprised it didn't remove them.
|All times are GMT -4. The time now is 11:58 PM.|
Powered by vBulletin Version 3.6.8 , Copyright ©2000 - 2015, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.2