Vista 2012 Rogue Antivirus: Malware

Messages
9,932
Location
Delhi
ISP
Airtel
Situation: Computer is infected with this malware and is running operating system Vista.

-Unable to start any program or install any executable file.

-Computer is connected to the network, still unable to browse.

-Tried to connect to the internet using safe mode with networking, failed.

-Created a new profile, still cannot connect to the internet.

-Tried to reset Internet Explorer to default settings.

-Restarted the computer. After logging in, the computer shuts down.

-Tried to log in using some other profile/user account, just a white screen appears and nothing happens.

Aim: to connect to the internet and install an executable file. How can we do it?
 

Sushubh

Admin
Staff member
Messages
381,442
Location
Gurgaon
ISP
Excitel
Airtel
easy solution? reinstall :confused:

complicated solution? look for a bootable cd that can run an antivirus with fresh definitions.

----------

Avira AntiVir Rescue System - Download
 
Messages
9,932
Location
Delhi
ISP
Airtel
Anything that has to be done can only be done on the same computer :D.. that's the aim, to get the computer working in a state that enables us to connect to the internet and install an executable file.
 
Messages
9,932
Location
Delhi
ISP
Airtel
No other machine is available. Consider the computer user to be a complete noob; you are just guiding him over the phone. Your aim is to get remote of his computer by making him perform minimum steps on his computer.
 

neevarp

Regulars
Messages
1,498
Location
Trivandrum
ISP
Asianet DOCSIS 3.0
Are you able to run applications in safe mode? If so, run combofix in safe mode. Certain malware may recognize combofix and hence it is better to rename it to something else like iexplore.exe. That should fix the PC hopefully.
 


Messages
9,932
Location
Delhi
ISP
Airtel
If you cannot connect to the internet, how can you download a program on the same computer :D The computer is quite screwed to be honest, the person tries to turn on McAfee Real time Protection, it disables it. The infections can corrupt the winsock and other services as well. So, what I was thinking is to perform a clean boot to at least get over the shut down shit. And then repairing DHCP and Winsock services :disturbed:... any better ideas?
 

neevarp

Regulars
Messages
1,498
Location
Trivandrum
ISP
Asianet DOCSIS 3.0
Hmm. Yes. The infected PC is down at the moment. I was implying about downloading the fix through some other means (neighbor's / friend's PC) and running it in safe mode in this infected machine. :) Combofix usually removes all traces of malware along with doing the necessary repair works. Try this, before opting for the easy way out - i.e. formatting / re-installing.
 
Messages
9,932
Location
Delhi
ISP
Airtel
PC starts in Safe mode with networking but is unable to connect to the internet. Ipconfig and pings are correct. netsh winsock reset all - It ran successfully, but after a power cycle the PC won't boot into the same profile again. Shows the login screen and the moment you select the profile, it will shut down.
 
Messages
4,215
Location
Mumbai, India
Download Microsoft Standalone System Sweeper and follow the instructions here. Then download TDSS Killer (Kaspersky's product) and run a scan.

I also had a trojan on my system some months back (more info here) and running MSSS followed by TDSS killer did my job.

Now my system runs better than ever. :D