Virus help needed!
Discussion
I'm trying to help a friend with a virus problem on his computer. Normally in his situation I would wipe the PC and reinstall, but unfortunately this doesn't seem to be an option - he has proprietary software from a company which doesn't exist any more, and he has lost the install media (yes - I've already told him he's an idiot).
We seem to have cleaned up the viruses using a combination of Malwarebytes, Spybot and drugged Mars Bars, and the pc is running quite normally, with one exception:-
Internet Explorer 8 won't work properly - sometimes it doesn't start properly (although there is one instance in Task Manager) - sometimes it does start (about 1 minute after double-clicking the icon, with 2 instances in Task Manager, which I understand to be normal). When you close Internet Explorer, the iexplore.exe instances keep running in Task Manager. Restart and 2 more appear - until there are mutiple versions running which kill the speed. There are no "ghost" verions starting which could be caused by viruses
, it's just that IE8 fails to close properly.
If we remove it, IE7 runs and works fine. Upgrade to IE8 brings all the problems back.
I've spent the whole morning on this, and my hand is creeping towards the big hammer. It seems that on this occasion, google is not my friend.
Can anyone suggest anything?
Thanks!
P.S. For the hard of reading - reinstall is on this occasion not an option
We seem to have cleaned up the viruses using a combination of Malwarebytes, Spybot and drugged Mars Bars, and the pc is running quite normally, with one exception:-
Internet Explorer 8 won't work properly - sometimes it doesn't start properly (although there is one instance in Task Manager) - sometimes it does start (about 1 minute after double-clicking the icon, with 2 instances in Task Manager, which I understand to be normal). When you close Internet Explorer, the iexplore.exe instances keep running in Task Manager. Restart and 2 more appear - until there are mutiple versions running which kill the speed. There are no "ghost" verions starting which could be caused by viruses
, it's just that IE8 fails to close properly.
If we remove it, IE7 runs and works fine. Upgrade to IE8 brings all the problems back.
I've spent the whole morning on this, and my hand is creeping towards the big hammer. It seems that on this occasion, google is not my friend.
Can anyone suggest anything?
Thanks!
P.S. For the hard of reading - reinstall is on this occasion not an option
Percy Flage: Would prefer to get IE up and running. Installing another browser seems to me a bit of a bodge (i.e. doesn't solve the problem). Would prefer not to get into a debate over the merits of different browsers.
VEA: Malwarebytes showed multiple entries of the following:
Worm Archive
Trojan.Fakealert
Malware.Trace
Rootkit TDSS
Rogue.SecurityEssentials
Rogue.SecurityEssentials2010
Windows Update seems also to be a bit borked, but I'm nervous about doing a windows repair install because of the issue with the special software he has installed.
I have also just seen that the hosts file has been modified and is much larger than normal, but all the entries claim to be inserted by Spybot and point to localhost (127.0.0.1), so maybe this is just a way to block as many known malware sites as possible. There are certainly some known dodgy names in the list.
VEA: Malwarebytes showed multiple entries of the following:
Worm Archive
Trojan.Fakealert
Malware.Trace
Rootkit TDSS
Rogue.SecurityEssentials
Rogue.SecurityEssentials2010
Windows Update seems also to be a bit borked, but I'm nervous about doing a windows repair install because of the issue with the special software he has installed.
I have also just seen that the hosts file has been modified and is much larger than normal, but all the entries claim to be inserted by Spybot and point to localhost (127.0.0.1), so maybe this is just a way to block as many known malware sites as possible. There are certainly some known dodgy names in the list.
BliarOut said:
Combofix is your friend 
Thanks for your reply.I've used Malwarebytes and Spybot. The PC is running much better now. I've looked at the Combofix web site and it seems to me to be a similar package. Do you think that it finds problems which Malwarebytes and Spybot have missed?
Hi everyone.
Thanks for all the replies.
I removed IE completely as VEA suggested, then reinstalled IE7, then upgraded to IE8. It seems to be OK now.
Malman - the PC is running normally and it's not making any unexpected outgoing connections (it's behind a firewall which logs outgoing and incoming connections, with only a selection of ports open). I'm not seeing any weird processes in Task Manager. Do I need to check any further?
Thanks for all the replies.
I removed IE completely as VEA suggested, then reinstalled IE7, then upgraded to IE8. It seems to be OK now.
Malman - the PC is running normally and it's not making any unexpected outgoing connections (it's behind a firewall which logs outgoing and incoming connections, with only a selection of ports open). I'm not seeing any weird processes in Task Manager. Do I need to check any further?
Edited by sunbeam_alpine on Tuesday 19th October 13:28
Last quick update - tried all the additional tools and they found nothing - so I'm hoping that he's OK. We're also going to be cloning his hard drive so that he's still got that program if his hard drive fails.
Thanks to all who made suggestions - I really appreciate the time you took.
Thanks to all who made suggestions - I really appreciate the time you took.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff