Buggered up PC

From: Chris (CHRISSS) 25 Jun 2011 20:42
To: Ken (SHIELDSIT) 4 of 43
I'll try Malwarebytes and see what happens. That seems to be what John's link fixed a similar issue with too. Nothing in the proxy settings. It seemed ok yesterday when I was looking for Spybot and SAS but today it's not working well at all.
From: graphitone 25 Jun 2011 20:53
To: Chris (CHRISSS) 5 of 43
Aye, I've used Malwarebytes in the past and it's always served well, that combined with Spybot and CCleaner makes for a fairly tidy system.
From: Chris (CHRISSS) 25 Jun 2011 21:13
To: ALL 6 of 43
Thanks all. Malwarebytes is scanning the computer at the moment so hopefully that will get things back to normal. If not I'll have a look at that malware removal guide.
From: graphitone 25 Jun 2011 21:31
To: Chris (CHRISSS) 7 of 43
If you can find the .exe name of the process (providing it's not disguising itself as iexplorer or something equally innocuous) then you could try googling that, there's loads of removal kits available for specific malware.
From: Chris (CHRISSS) 25 Jun 2011 22:01
To: graphitone 8 of 43
Hmm. Malwarebytes didn't detect anything dodgy. I've looked in the task manager and not noticed anything out of the ordinary so there's either something not running or hiding itself well. This could be fun to sort out :(
From: Ken (SHIELDSIT) 25 Jun 2011 22:05
To: Chris (CHRISSS) 9 of 43
I haven't had much luck lately getting those things off, I usually just back up the data and reformat.
From: graphitone 25 Jun 2011 22:14
To: Chris (CHRISSS) 10 of 43
Anything strange in the msconfig startup?
From: Chris (CHRISSS) 25 Jun 2011 22:26
To: graphitone 11 of 43

A couple of things which I have disabled in the past, nothing new. I disabled all of the startup items yesterday just to be sure.

Running through a malware removal guide now and combofix.exe has found a .sys file patched with a rootkit. It's rebooting now so see if it helps.

I wish it was easier to switch between VGA and DVI on my monitor.

From: Ken (SHIELDSIT) 25 Jun 2011 22:31
To: Chris (CHRISSS) 12 of 43
Rootkits blow. Good luck!
From: Chris (CHRISSS) 25 Jun 2011 22:51
To: Ken (SHIELDSIT) 13 of 43
Great things aren't they? This is the worst infection I've dealt with since my parents' computer had XP Antivirus 2008 on it. I'm sure at some point I'll have to sort out Sian's grandfather's PC which is running sooooooooo slow for some reason. It's a Vista machine which used to work fine but literally takes about a minute to load IE and trying to browse websites is unbearably slow.
From: Chris (CHRISSS) 25 Jun 2011 23:33
To: ALL 14 of 43
I think Combofix has sorted the problem. It found a few rootkit infected files and now links in Google/Bing go straight to the correct website. Wonder how me managed to bugger it up so well.
From: Ken (SHIELDSIT) 25 Jun 2011 23:50
To: Chris (CHRISSS) 15 of 43
Good deal, glad you got it fixed!
From: Chris (CHRISSS) 26 Jun 2011 08:41
To: Ken (SHIELDSIT) 16 of 43
Me too :D
From: Chris (CHRISSS) 26 Jun 2011 22:44
To: ALL 17 of 43

Oh, FFFF!

I just sorted out my grandfather's PC and now my dad just rang to say his computer isn't letting him do anything. I've just remote desktopped into it (surprised it let me change the settings to do that) and it has Win 7 Antispyware 2012 (it's from the future) blocking most things from running and being a total nuisance.

This is the second time I've had to sort out this for them now. The last one was XP Antispyware 2008 which did a very similar thing and was a total nightmare to sort out.

Grrrrrr!

From: Drew (X3N0PH0N) 26 Jun 2011 23:00
To: Chris (CHRISSS) 18 of 43
http://www.ubuntu.com/download/ubuntu/download

(Seriously, for anyone who doesn't play games and uses their PC for web/email/office stuff, you really may as well. Firefox/Chrome, Thunderbird, Libre Office and you're away)
From: Chris (CHRISSS) 26 Jun 2011 23:03
To: Drew (X3N0PH0N) 19 of 43
:D Good idea. There can't be much/anything that they do that wouldn't work with that.
From: Drew (X3N0PH0N) 26 Jun 2011 23:06
To: Chris (CHRISSS) 20 of 43
^___^

(Or maybe Mint if you think a more windowsy interface would be better: http://www.linuxmint.com/download.php )
From: Chris (CHRISSS) 26 Jun 2011 23:18
To: Drew (X3N0PH0N) 21 of 43

I might not do that this time but if I have to sort out anything quite as painful again I might suggest it to them. The only issue I might have with it is if things do go wrong with it because I haven't done much with Linux.

Currently running Malwarebytes on their PC. Had to run the command prompt as administrator to stop Win7AS2012 from blocking it and could use that to run taskmanager to disable it. I seem to have removed the main issue but now when clicking on .exe files (unless they're run as admin) I get a dialog asking what program I want to use to open this file. Hopefully Malwarebytes will fix that.

EDITED: 26 Jun 2011 23:19 by CHRISSS
From: Ken (SHIELDSIT) 26 Jun 2011 23:23
To: Chris (CHRISSS) 22 of 43
It won't fix that but if you google for the registry settings for exe files you should be able to download the bit of registry that's corrupted. I had that issue on a PC I was working on a few weeks ago.
From: Chris (CHRISSS) 26 Jun 2011 23:29
To: Ken (SHIELDSIT) 23 of 43
I shall have a look for that then, thanks. Bloody pain in the arse some of these nasty programs.