Antivirus2009 kicking my butt

[kmillerusaf]

Happy New Years everyone,

Working on an associate's Compaq computer that is infested with malware/viruses, one of which is Antivirus2009. I was able to install Malwarebytes but cannot get it to load. Not even in safe mode. When I end processes related to AV2009, the computer restarts. It did let me run Ad-aware but the definition file is from March 2008 so I am not sure how much it's going to be able to detect and remove. Probably not much at all. I do not have one of those USB to SATA/PATA adapters at the moment either. Any other possible solutions?

Thanks all

[rjfvillarosa]

Your up against the wall a bit there, if it is that badly infected short of slaving the harddrive you are probably looking at a nuke and pave with a reinstall of Winblows.

[kmillerusaf]

I was fearful of that... Maybe I can buy one of those adapters from computergeeks.com like I've been seeing in some of the posts around here lately and scan the hotplugged HDD from my computer. I was just trying to get this thing back to him before the weekend. But I'm sure he won't mind how long it takes as long as it gets fixed.

[rjfvillarosa]

I have added a few links to adapters in this thread:

http://forum.pcmech.com/showthread.php?t=204049

You won't regret buying one, at least one of mine is in use almost everyday.

[kmillerusaf]

Ad-aware came back with virtumonde and some small stuff, scanning with AVG right now... still won't let me run MBAM though. Stupid thing. Thanks for the link, I will definitely get one to add to the tool kit soon

[not important]

I had a PC in my shop a couple of weeks ago with the Antivirus 2009.
I followed these instructions and got it cleaned out.
http://www.windowsvistaplace.com/ant...pyware-removal

[kmillerusaf]

Thanks notimportant, this guide really helped. I've gotten a lot of the junk off however there are still 2 issues. I cannot unregister the 2 .dll files (shlwapi and wininet) because I get an error saying "was loaded, but the dllregisterserver entry point was not found. this file can not be registered". Also, Malwarebytes still will not load Let's me install it, but will not run at all. I've cleaned the registry as good as I know how, deleted all the files, except the 2 dll's but I am not 100% finished yet.

[kmillerusaf]

Still waiting on the adapter to come in but the other night, the HDD ended up going into a endless restart, even when trying to get into safe mode. Is there any way to fix that or will getting rid of the malware eventually when I get this adapter fix the problem. Or is this an issue with the HDD itself?

Until you have removed the malware from the hd, there's no true way to tell what is really going on with it. AV2009 is a nasty bug and causes numerous issues with system's and I think once you have cleaned it, if possible, the hd will be fine. Malwarebytes is the tool of choice at the moment and Superantispyware has gotten better at being able to remove this bug, I would use them both' a nuke&pave may be your only remedy.

[kmillerusaf]

Yeah, I am really just waiting on this adapter to get in so I can scan with MBAM and SuperAntiSpyware... Hopefully everything will be restored to normal after that. This is a compaq I was working on so it came with XP pre loaded, so they don't have an XP disc

[glc]

It has a recovery partition that can be used to reload with.

http://h10025.www1.hp.com/ewfrf/wc/g...bph07145&lc=en

[kev7555]

In the future you can save a lot of time fighting this one by downloading SDfix. It removes this malware all in one shot, much quicker then anything else I've tried.

-Kev

[Panama Red]

Quote:

Originally Posted by kev7555 In the future you can save a lot of time fighting this one by downloading SDfix. It removes this malware all in one shot, much quicker then anything else I've tried. -Kev

I've never tried SDfix but I'm open for new options. Here's a note from BleepingComputer forums about using SDfix:

"It is important to note that you must be logged in as an Administrator and in safe mode in order for SDFix to work properly."

[kmillerusaf]

I'll keep that in mind for the future... Still waiting on the adapter... Haven't even gotten a shipping confirmation yet. Computergeeks.com is no Newegg.

[glc]

It will take at least a week to get it.

[kev7555]

It takes about thirty seconds to download SDfix....

[kmillerusaf]

I have to wait on the part because the drive is in an endless reboot right now and I don't want to use the recovery console just yet. I would like to get the malware off first.

[kmillerusaf]

FINALLY got the adapter and guess what... the drive might be dead now.

I attached to my computer and it recognizes it just find according to "safely remove hardware". it's in device manager under disk drives but I don't know how to scan it because "autoplay" never came up. I went to the volume tab in properties for the drive in device manager and tried to populate it but it said "status: unreadable". Am I screwed? This is getting worse and worse!

[glc]

What does Disk Management say about it?

[kmillerusaf]

Doesn't show up in disk management at all.

[glc]

If it's an IDE drive, jumper it CS.

[kmillerusaf]

It was originally CS so I tried Master... No dice on either


EDIT:

Put it back on CS and tried it twice... First time it didn't recognize... 2nd time now it recognizes!!!! Thanks glc, I'll keep you posted

[kmillerusaf]

So....

I finally got all the scanners (AVG, MBAM, SuperAntiSpyware) to come back as negative on their scans... So time to boot up to the O/S on its own right? Wrong. It still reboots when trying to g into windows normally or safe mode. Try to do a last known good config and that doesn't work either. Did a drive test through UBCD using DLG (since it's a WD HDD) and it came back with no errors. Anyone got any ideas on a possible next step?

Because of the malware you had, your Master Boot Record (MBR) might be corrupted. Follow the info on the link to repair it. http://pcsupport.about.com/od/fixthe.../repairmbr.htm

[kmillerusaf]

Sorry, I've been trying so many things, I forgot to update my thread.

I've tired fixmbr, chkdsk /r, fixboot and just now tried a repair install with a XP Home disc. I thought that would work for sure. The files copied over, asked me to reboot. Then it tries to reboot to safe mode and I get an error msg saying "windows setup cannot run in safe mode. setup will restart". So I think my last resort is a recover their docs, reformat, and reinstall :/

I agree, I can't think of anything else you haven't already done.

[kmillerusaf]

I think I was too late. I have a sneaky suspicion that the drive is dead and I wasn't able to get his files off in time. The adapter recognizes the drive in device manager again, but will no longer recognize it in my computer or disk management. Also, about 50% of the time, when I first plug in the adapter, the drive makes 3 screeching sounds about 3 seconds apart from each while it's trying to read. Can someone just tell me the drive is dead so I can move on or is there still hope?

Based on what you've said that drive is dead. Since you've gotten clean malware scans on that drive, you could try booting up your computer with the drive already slaved and see what happens.

[kmillerusaf]

I guess I could try that... But trying to boot it from the computer it came with, didn't yield any results... just the constant reboot after halfway making it into Safe mode. That's what concerns me though. If the drive was dead, I would think, it wouldn't boot at all.

Have you tried running the manufactures diagnostics tool on the drive?