ClassicMixup
GF's laptop seems to be smitten. All files/folders have been hidden/moved, the "System Fix" ransomware pops up with a pay-for-fix type thing, and it might be bundled with some form of TDSS rootkit. Here are the steps I've tried so far:
Rkill - Blocked with an "Access Denied" in the cmd window, but it still spits out a log saying it's ended the two System Fix .exes.
TDSSKiller - Doesn't pick up anything.
Malwarebytes Anti-Malware - Ran it once early on, but it didn't find anything. Realized that the virus definitions hadn't been updated (System Fix is blocking those updates). Tried reinstalling in Safe Mode; it gets to the last step in Setup before saying "Access is Denied" and then the setup fails. I've tried running Rkill right before, with no luck.
McAfee Total Protection - Obtained a legit license through my gf's family and ran it. It picked up some of the files associated with the System Fix virus but didn't do jack to the .exes sitting in ProgramData.
PCTools' Spyware Doctor seems to pick up all of the virus, but it's $40 to remove.
Any other free options out there to get rid of this thing? My time has been very limited as of late due to work, so I'm trying to fix it with as little research as possible.
Gracias. 12/5/2011 6:17:52 AM
LickHer
Antivirus LiveCD? 12/5/2011 6:44:35 AM
KillaB
Hiren's Boot CD -> Mini Windows XP -> update/scan with one or more of the various tools it has preinstalled. 12/5/2011 7:13:55 AM
lewisje
You can also try a Linux LiveCD if you have one; it should be able to mount that NTFS drive and pluck those .exes right out.
Then again, Hiren's Boot CD is probably better: http://hirensbootcd.info/ 12/5/2011 7:18:51 AM
synapse
1 - remove hard drive
2 - plug into another system via dock/adapter/internal cable
3 - run a shitload of scans using the host computer
4 - replace hard drive
5 - run unhide to get all your files/icons/start menu back - details: http://www.bleepingcomputer.com/forums/topic405109.html 12/5/2011 8:44:49 AM
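A scripted version of step 5, as an added example that is not from the thread and not the bleepingcomputer unhide tool: it walks a user profile and clears the Hidden attribute this family of scareware sets on the user's files, folders and Start Menu shortcuts, leaves alone the few items Windows keeps hidden on purpose, and never follows the legacy junctions (Application Data, Local Settings, and so on) that point back into the profile. It assumes the malware process is already dead (drive attached to a clean host, or after Rkill), an elevated PowerShell prompt, and a hypothetical profile path; run it with -WhatIf first to see what it would touch.

```powershell
# Added example, not from the thread. Restores files a scareware infection hid
# by clearing the Hidden attribute under a profile, while leaving alone the
# few items Windows keeps hidden on purpose and never following junctions.
function Restore-HiddenProfileItems {
    param(
        [Parameter(Mandatory = $true)][string]$Path,   # e.g. 'D:\Users\victim' on the attached drive (hypothetical)
        [switch]$WhatIf                                 # report only, change nothing
    )

    # Legitimately hidden items: leave their attributes untouched.
    $keepHiddenFiles = @('desktop.ini', 'ntuser.dat', 'ntuser.dat.log', 'ntuser.ini', 'thumbs.db', 'iconcache.db')
    $keepHiddenDirs  = @('AppData')   # stays hidden, but is still walked (the Start Menu lives under it)

    $hidden  = [IO.FileAttributes]::Hidden
    $changed = @()
    $stack   = New-Object 'System.Collections.Generic.Stack[string]'
    $stack.Push($Path)

    while ($stack.Count -gt 0) {
        $dir = $stack.Pop()
        foreach ($item in Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue) {
            $attrs = $item.Attributes
            # Junctions such as 'Application Data' point back into the profile; never follow them.
            if (($attrs -band [IO.FileAttributes]::ReparsePoint) -ne 0) { continue }

            if ($item.PSIsContainer) {
                $stack.Push($item.FullName)
                if ($keepHiddenDirs -contains $item.Name) { continue }
            }
            elseif ($keepHiddenFiles -contains $item.Name.ToLowerInvariant()) { continue }

            if (($attrs -band $hidden) -ne 0) {
                if (-not $WhatIf) {
                    # Clear only Hidden; leave System/ReadOnly/Archive exactly as found.
                    $item.Attributes = [IO.FileAttributes]($attrs -band (-bnot $hidden))
                }
                $changed += $item.FullName
            }
        }
    }
    return $changed
}

# Preview first, then apply. The profile path is a hypothetical example.
$ProfilePath = 'D:\Users\victim'
Restore-HiddenProfileItems -Path $ProfilePath -WhatIf | ForEach-Object { "would unhide: $_" }
# Restore-HiddenProfileItems -Path $ProfilePath | Measure-Object | ForEach-Object { "unhid $($_.Count) items" }
```

The same function can be pointed at C:\ProgramData\Microsoft\Windows\Start Menu (or the equivalent path on the attached drive) for the all-users Start Menu entries the infection hides. It only puts attributes back; anything the malware moved rather than hid still has to be found by hand, and the .exes themselves still need to be removed separately.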
Jeepin4x4
Have you tried ComboFix? 12/5/2011 10:48:11 AM
FenderFreek
Best bet when you are in this deep is to use a Linux LiveCD or another Windows machine to unlock/unhide and pull important data off. Once the important stuff is out, reformat, reinstall, and put your personal data back on the fresh install.
What's most annoying is that this shit just gets to be more and more of a pain in the ass every time I see it. You can't even effectively clean half the crap anymore. These days you can spend hours playing the ol' cat-and-mouse game with some scareware coder, or you can copy your shit off and nuke it. I prefer the option that has the PC back up and running the same day. 12/5/2011 12:05:06 PM
ViolentMAW
I've had a rogue virus twice now. I got it again last night. That motherfucker does not play. I can't remember if it still got to me in Safe Mode last time, but this time it did. I tried Malwarebytes and another virus scanner, but they didn't do shit. Had to run them in Safe Mode from the command line because it blocked them from running. The only thing that worked was System Restore, and it tried to block that too. 12/5/2011 5:33:40 PM
Novicane
HAwk-PE 12/5/2011 7:30:22 PM
stevedude
If you do decide to format & reinstall, make an image. 12/5/2011 7:49:39 PM
neodata686
Do you guys really look at that much porn? I don't think I've had a virus that wasn't caught/dealt with by MSE since college. 12/5/2011 8:13:45 PM
ClassicMixup
Update: I manually edited the registry to get rid of the faulty shit so that I could run Malwarebytes, deleted the .exes, and used McAfee to clean up the rest.
Let my gf use my personal laptop today; she managed to contract it on my laptop as well.
I'm fairly convinced it's stemming from her trying to view a video on a friend's church site, but her friend claims this can't be the case because her other friends didn't have a problem. Her friend's "tech savvy" peeps said it's coming from a group PowerPoint she made for a class, which was transferred to my laptop via a USB drive AFTER I had fixed hers.
What's the best way to trace where the .exe was downloaded/transmitted?
[Edited on December 5, 2011 at 9:42 PM. Reason: ibt that'll teach her to go to a church site] 12/5/2011 9:41:50 PM
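One way to start on the question in the post above, as an added example rather than anything posted in the thread: list recently created executables under a profile and, for each, read the NTFS Zone.Identifier alternate data stream (the "Mark of the Web") that browsers and mail clients attach to downloads. ZoneId=3 means the file arrived through an Internet-zone download; a file with no stream was written locally, dropped by another process, or copied from FAT/exFAT media such as a typical USB stick, which cannot carry the stream at all. A CreationTime newer than LastWriteTime is the usual sign of a file copied from somewhere else. The root path is hypothetical, and -Stream needs PowerShell 3.0 or later.

```powershell
# Added example, not from the thread. Reports where recently created executables
# under a profile likely came from, using the Zone.Identifier stream and timestamps.
function Get-ExecutableOrigin {
    param(
        [Parameter(Mandatory = $true)][string]$Root,   # hypothetical profile path, e.g. 'C:\Users\victim'
        [int]$Days = 7                                  # how far back to look, by creation time
    )

    $cutoff = (Get-Date).AddDays(-$Days)
    $exts   = '.exe', '.scr', '.com', '.pif', '.dll', '.bat', '.cmd', '.vbs', '.js', '.jar', '.lnk'
    $zones  = @{ '0' = 'Local machine'; '1' = 'Local intranet'; '2' = 'Trusted sites'; '3' = 'Internet'; '4' = 'Restricted sites' }

    Get-ChildItem -LiteralPath $Root -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $exts -contains $_.Extension.ToLowerInvariant() -and $_.CreationTime -ge $cutoff } |
        ForEach-Object {
            $file = $_
            $mark = @{}
            try {
                # Stream body is "[ZoneTransfer]" followed by key=value lines: ZoneId always,
                # ReferrerUrl/HostUrl on newer Windows releases.
                Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction Stop |
                    ForEach-Object { if ($_ -match '^\s*(\w+)\s*=\s*(.*)$') { $mark[$matches[1]] = $matches[2].Trim() } }
            } catch {
                # No stream: written locally, dropped by another process, or copied from FAT/exFAT media (no ADS support).
            }

            $origin =
                if ($mark.ContainsKey('ZoneId')) {
                    $z = $mark['ZoneId']
                    'Download, zone {0} ({1})' -f $z, $(if ($zones.ContainsKey($z)) { $zones[$z] } else { 'unknown' })
                } elseif ($file.CreationTime -gt $file.LastWriteTime) {
                    'No Mark of the Web; created after last write, consistent with a copy (USB stick, network share) or an installer'
                } else {
                    'No Mark of the Web; written in place (dropped or built locally)'
                }

            [pscustomobject]@{
                Path     = $file.FullName
                Created  = $file.CreationTime
                Modified = $file.LastWriteTime
                ZoneId   = $mark['ZoneId']
                HostUrl  = $mark['HostUrl']
                Referrer = $mark['ReferrerUrl']
                Origin   = $origin
            }
        }
}

# Hypothetical usage: newest first, so the files that appeared with the infection top the list.
Get-ExecutableOrigin -Root 'C:\Users\victim' -Days 3 | Sort-Object Created -Descending | Format-Table -AutoSize
```

This tells you how a file landed on disk, not what put it there: the payload .exes a dropper writes into ProgramData will never carry the stream, so the useful signal is on whatever was downloaded or copied first (an installer, an archive, a document) in the minutes before the payload's CreationTime. Run it against the user profile, ProgramData and the USB stick itself, and read the browser's download history for the same window before drawing a conclusion.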
Punter16
ComboFix knocks this virus out in about 10 minutes if you run it under Safe Mode. You still have to go back in and manually unhide the folders in the user profile folder, but the whole process takes about 15-20 minutes. 12/5/2011 10:02:05 PM
FenderFreek
Repeat everything she did with the machine in a VM instance. See what breaks. 12/6/2011 7:48:57 AM