Friend's PC is toast! - MMA Forum - UFC Forums - UFC Results - MMA Videos

10-02-2009, 01:25 AM   #1
MagiK11
Friend's PC is toast!

Hey, I'm not a novice at removing infections and used to be a spyware/virus technician for a few companies, but my friend's PC is completely jacked with some horrible infections.

He had braviax.exe in his startup and also has Antivirus 2010, which I know is an infection, among other things on his computer.

He cannot get online, so I put a bunch of programs on a USB drive and put them on his pc.

90% of them cannot run. I cannot access any file on his desktop unless I use the task manager. He's got like 3 svchost in his processes which I know are infected but whenever I end the process I get some error saying the remote procedure bla bla bla and it shuts down the pc in under a minute.

Disabled his services in msconfig and startup files and went to safe mode.

The programs I tried using which do not even open or if they open cannot run are:

Smitrem,
Smitfraudfix,
Sdfix,
Autoruns, (pisses me off I can't run this)
Combofix, (pisses me off I can't run this)
Hijackthis, (pisses me off I can't run this)
Killbox, (pisses me off I can't run this)
Spybot,
Superantispyware,
Malwarebytes,

Was able to run Avast antivirus and told it to run before boot and it found one trojan (forgot to write the name down) and cleaned it but if I run it again it'll find it again. I'll try running it and copying the name down next time.

Ran spysweeper and it says the pc is clean which is bs.

Vundo fix and virtuavundobegone found nothing.

So I tried a lot of different things and even went through the registry to remove all variants of braviax.exe but the problem about me not being able to use the scans I want to use is still present.

Lastly, I tried process explorer and it works but when I try to suspend those damn svchost.exe files I cannot use the taskmanager anymore and that's the only way I can browse around the system.

Therefore, if any of you are really technically inclined, any help will be useful since I'm a nose hair away from saving his data and formatting his PC!!

10-02-2009, 01:46 AM   #2
Darkwraith
Your best bet would be combofix,

But if it is that bad off I would reinstall. The chances of it working correctly after that bad of an infection are slim...

reformat, reinstall...

10-02-2009, 12:16 PM   #3
MagiK11
The only two programs I would need to fix this issue are killbox and autoruns, but combofix would have helped a lot as well. I'm about to format it, but as a tech I'm very very stubborn, and try everything before I format!

dudeabides gave me a tip though, and said I should try to take the HD out and put it in another PC. (My friend's PC is a Dell Inspiron notebook and I have one as well.) So I'll try that since he said he had a similar problem and someone did that and it worked.

Who knows, but it can't hurt to try that if I'm going to format it anyways.

10-02-2009, 12:54 PM   #4
Darkwraith
True, that may work. I am pretty stubborn myself when it is my PC, but if I am fixing other people's it is usually for money and then I am going to minimize my cost and do the easiest thing to fix their computer while saving their data if I can.

I have several programs that I use to remove the trojans and viruses. I would try Trojan Remover as well. It is a small program that the virus makers sometimes forget to block from updating and it lets you get enough of them off to get something like Malwarebytes (my favorite) on there to do some real removal.

Also you may want to try an online removal program...let me see if I can find the one I had to use last time...hmm..can't seem to find it. There was a free online removal tool somewhere but I can't remember what it was called.

Good luck!

10-02-2009, 01:36 PM   #5
Evil Ira
http://remove-malware.com/how-to/how...e-disc-videos/

10-02-2009, 02:17 PM   #6
Darkwraith
Quote:
Originally Posted by Evil Ira
Yeah I have a UBCD, but I do need to make me a new one and update it...

10-02-2009, 04:58 PM   #7
MagiK11
I'm at work now and can't check those links but I'll check them when I get home...thanks.

I can't get online though with his system, so trying an online scanner is out of the question. I just want to nuke the damn thing now!

And I'm like you, when people pay me I minimize my cost and save their data and format, and then create a ghost backup on cd, once everything is clean with all their data on it.

But when I fix good friends' PCs I treat them like my own.

Oh, and I'll try trojan remover. I tried Trojan Hunter which used to be free, but now when I scan his system it says it found 2 infections and forces me to buy it to remove them, which is ghey!

10-02-2009, 05:22 PM   #8
attention
IMHO, once those varmints are memory resident they are pretty hard to stamp out.

I typically will gank the sys drive outta the PC and hook it up to mine via eSata then run any kind of anti virus utils on em. This way, the sigs of the trojans & virii can be id'd & nuked in one swift blow.

It's also good practice to keep your sys drive clean from any data ... like pictures, home vids, personal docs... so that you can schedule an image and rollback if necessary to a prior clean state. I usually have a separate physical HDD for the OS... and it's usually a small partition too... say 100 GB... then the other 900 can be used for disk images of the OS + any other kind of static data (so that the disk doesn't thrash when paging memory out).
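
The offline approach described in the post above, as an added example that is not part of the thread: with the suspect drive attached to a clean machine and never booted, a short script can list every file using the names mentioned in this thread (`svchost.exe`, `braviax.exe`) and flag `svchost.exe` copies that sit outside the directories where Windows keeps it. The function names, the list of expected directories and the sample tree are assumptions made for the example.

```python
import hashlib
import os
import tempfile

# Assumption: sub-directories of the Windows folder where a genuine svchost.exe
# is expected (XP-era layout plus SysWOW64); WinSxS is matched by prefix below.
EXPECTED_SVCHOST_DIRS = {"system32", "syswow64", "system32/dllcache"}
KNOWN_BAD_NAMES = {"braviax.exe"}  # startup entry named in the thread


def sha256_of(path):  # chunked read keeps large binaries out of memory
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage_offline_volume(mount_root, windows_dir="WINDOWS"):
    """Walk a mounted, non-booted volume; return sorted (reason, path, sha256)."""
    prefix = windows_dir.lower() + "/"
    findings = []
    for dirpath, _dirs, files in os.walk(mount_root):
        rel_dir = os.path.relpath(dirpath, mount_root).replace(os.sep, "/")
        low = rel_dir.lower()
        sub = low[len(prefix):] if low.startswith(prefix) else ""
        expected = sub in EXPECTED_SVCHOST_DIRS or sub.startswith("winsxs/")
        for name in files:
            if name.lower() in KNOWN_BAD_NAMES:
                reason = "name reported as malicious"
            elif name.lower() == "svchost.exe" and not expected:
                reason = "svchost.exe outside expected directory"
            else:
                continue
            full = os.path.join(dirpath, name)
            findings.append((reason, rel_dir + "/" + name, sha256_of(full)))
    return sorted(findings)


def build_sample_volume():
    """Constructed sample tree standing in for the attached drive."""
    root = tempfile.mkdtemp()
    for rel in ("WINDOWS/system32/svchost.exe", "WINDOWS/svchost.exe",
                "WINDOWS/system32/braviax.exe", "Temp/svchost.exe"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(rel.encode())  # placeholder bytes, not a real binary
    return root
```

Point `triage_offline_volume` at the drive letter or mount point of the attached disk; the flagged paths and hashes are a starting list for the antivirus scan, not a verdict on the files.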

10-02-2009, 07:17 PM   #9
MagiK11
Quote:
Originally Posted by attention
IMHO, once those varmints are memory resident they are pretty hard to stamp out.

I typically will gank the sys drive outta the PC and hook it up to mine via eSata then run any kind of anti virus utils on em. This way, the sigs of the trojans & virii can be id'd & nuked in one swift blow.

It's also good practice to keep your sys drive clean from any data ... like pictures, home vids, personal docs... so that you can schedule an image and rollback if necessary to a prior clean state. I usually have a separate physical HDD for the OS... and it's usually a small partition too... say 100 GB... then the other 900 can be used for disk images of the OS + any other kind of static data (so that the disk doesn't thrash when paging memory out).

That's pretty much what I do on my own system knowing what I know about infections. But my friends are complete noobs when it comes to keeping their system clean.

I even leave detailed instructions on what they should do and they don't even run the scans I put on and check tons of streaming sites, so it's their own fault.

But that was some very good info, so I repped ya!

10-02-2009, 08:57 PM   #10
SimplyNate
You ran Smitfraudfix in safe mode, right? And did the cc cleaner it has? I'm surprised it didn't remove them.