Vista 2012 Rogue Antivirus: Malware

[Jonas]

Situation: Computer is infected with this malware and is running operating system Vista.

-Unable to start any program or install any executable file.

-Computer is connected to the network, still unable to browse.

-Tried to connect to the internet using safe mode with networking, failed.

-Created a new profile, still cannot connect to the internet.

Tried to reset internet explorer to default settings.

-Restarted the computer. After logging in, the computer shuts down.

-Tried to log in using some other profile/user account, just a white screen appears and nothing happens.

Aim: is to connect to the internet and install an executable file, how can we do it?

 

[Sushubh]

easy solution? reinstall 😕

complicated solution? look for a bootable cd that can run an antivirus with fresh definitions.

----------

Avira AntiVir Rescue System - Download

 

[Jonas]

Anything that has to be done, can be only done on the same computer 😀..thats the aim, to get the computer working in a state that enables us to connect to the internet and install an executable file.

 

[Sushubh]

use another machine to make a bootable USB with the ISO mentioned above. boot the infected machine using it and scan?

 

[Jonas]

No another machine is available.Consider the computer user to be a complete noob you are just guiding him over the phone.Your aim is to get remote of his computer by making him perform minimum steps on his computer.

 

[neevarp]

Are you able to run applications in safe mode? If so, run combofix in safemode. Certain malware may recognize combofix and hence it is better to rename it to something else like iexplore.exe That should fix the PC hopefully.

 

---

[Jonas]

If you cannot connect to the internet, how can you download a program on the same computer 😀The computer is quite screwed to be honest, the person tries to turn on Mcafee Real time Protection, it disables it.The infections can corrupt the winsock and other services as well.So, what I was thinking is to perform a clean boot to at least get over the shut down shit.And then repairing DHCP and Winsock services :disturbed:...any better ideas?

 

[neevarp]

Hmm.Yes. The infected PC is down at the moment. I was implying about downloading the fix through some other means (neighbor's / friend's PC) and running it in safemode in this infected machine. 🙂Combofix usually removes all traces of malware along with doing the necessary repair works.Try this, before opting for the easy way out - i.e. formatting / re-installing ..

 

[Jonas]

PC starts in Safe mode with networking but is unable to connect to the internet.Ipconfig and pings are correct. netsh winsock reset all - It ran successfully but, after power cycle the PC wont boot into the same profile again. Shows the login screen and the moment you select the profile, it will shut down.

 

[manu1991]

boot via any live CD like ubuntu. find the *.exe's and *.dll's related to the malware, delete them (run a virus scan: Scan a Windows PC for Viruses from a Ubuntu Live CD - How-To Geek) .then boot it into safe mode, run combofix via a thumb drive.

 

[AbhishekMSharma]

Download Microsoft Standalone System Sweeper and follow the instructions here. Then download TDSS Killer (Kaspersky's product) and run a scan.

I also had a trojan on my system some months back (more info here) and running MSSS followed by TDSS killer did my job.

Now my system runs better than ever. 😀