Need help from you guys on this.

iwanttosave_2

Hullo

A friends PC has ground to a halt after his brother was...looking at some sites...so said I'd have a look at it. There is a definate browser hijack on there, it wont let me even access google, it also wont let me run any programs such as malwarebytes, SS&D or hijack this normally, in safe mode or as admin.. Windows defender told me it was fine :rolleyes:

The only program I can run is avira which I've managed to get installed but crashes at 77%.

In the logs of Avira its found:

TR/crypt.xpack.gen.trojan
TR/TDss.yuz trojan
TR.Redol.C

All I can do is keep quarantining them.

Laptop is running on Vista

The only option I can think of now is moving on to combofix, any other ideas?

Marty_J

Can you run HijackThis and post a log?

iwanttosave_2

No, as I said in the OP it wont let me run it.

It shut down when I first tried installing it :rotfl: It just wont run any programs like that.

enigma52

can you do a system restore?

-TangleFoot-

Have you considered using a live CD preloaded with anti-malware software?

• UBCD4Win (some assembly required)
• Ultimate Boot CD
• Avira AntiVir Rescue System
• SystemRescueCd
• Dr. Web LiveCD

iwanttosave_2

God I'm trying to balance 2 laptops on my knee here. :rolleyes:

Tangle, that would be an option but I actually don't have any disks, we are waiting for a delivery. At the moment its a case of dragging and dropping with memory sticks

I've managed to get on the internet if I manually type in the address, just just Hijack this again and it keeps saying its not installed properly and to redo it and when you try it just reboots.

I have a resident shield alert popping up which I am alt-F4ing because I'm pretty sure its just the malware faking it.

-TangleFoot-

iwanttosave wrote: »

I actually don't have any disks, we are waiting for a delivery. At the moment its a case of dragging and dropping with memory sticks

Ever heard of UNetbootin?

iwanttosave_2

Oooh never heard of that one.

I even just tried SDFIX in safemode and wont let me execute the bat file.

Browntoa

download combofix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

on the good one , put it on the infected one , try and run it. If it will not run then right click and rename the file from combofix to cleanup , then try again

no nedd for recovery console like XP , on vista just install and run

same applies with malwarebytes , rename the exe file to something else

iwanttosave_2

Thanks BT, I'm just seeing if the AV can get passed where it got stuck, I've finally managed to uninstall AVG (wouldn't let me before) so hopefully it was just Avira conflicting with it.

I'll try the combo fix once if I get anywhere with it.

iwanttosave_2

Just to let you know ComboFix worked perfectly, Avira found 2 of them and Combo removed the rest, I can now launch the malware programs which will hopefully pick off the stragglers. It shall be going back with strict instructions that his brother is not allowed within 15 feet of the bloody thing.