I need some help; removed a bunch of stuff but now I'm stuck

I’ll try to detail things as well as I can, though I’m going off of memory.

One of our workstations had no virus protection at all… I don’t know why. The user probably got tired of it popping up at them or something and removed it. They have to have admin for our inventory program to work. You see how smart of an idea that is… but it’s beside the point.

So, starting yesterday, Internet Explorer stopped working. A restart made it work, but at that point I put the trial edition of Avast on it until I could look up the correct access keys to get a full version on it and began a scan. It found something in memory and said it wanted to boot scan, so I let it.

The boot scan took like 9 years or so and cleaned everything… supposedly. On booting up now, the “My Documents” folder opens by itself. Not really a big deal. Internet Explorer would redirect Google searches and sometimes web addresses, ultimately displaying a “page cannot be displayed” error. I ran Avast again and it again said to do a boot scan. This took forever, so I decided I would be more forceful this time and told it to delete whatever it found.

Years later, we’re back in Windows, My Docs opens, IE still redirects all over the place. There’s tons of weird processes running in task manager, but I’d like to get Google running first then attack those one at a time. I run Avast again. It doesn’t suggest boot scan this time, but finds all manner of other things. I clean them. I run Avast again. It finds a bunch of the same things. I delete them. Now, IE immediately does some weird redirect that is too fast for my eyes to see no matter what site you tell it to go to, and will not function at all. Firefox works fine, so I updated IE to IE8 (previously it was IE7). No change. Sometime during all this we also installed Malwarebytes and it found and removed a bunch of trojans.

Since My Docs still opens and IE still doesn’t work, I’m 99% sure that either something was deleted that should not have been or there is still a virus that I can’t find. What should my next course of action be?


Welcome to the forums, waltandverns. :)

Please download HijackThis from the link below. Do not download HJT to the desktop but instead download it into its own folder on the hard drive.

Run the program but do not make any fixes and then post the log results using the “copy & paste” method. It will probably take more than one post to be able to get the complete log posted.

OR, you can post it as an attachment to your post by clicking on “Additional Options…” below left of the posting box. Someone will review your log and then offer help.

http://filehippo.com/download_hijackthis/


Hi, waltandverns

I suggest you use a live (bootable) antivirus disc; there is a free one called Avira Rescue System.

The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to repair a damaged system, to rescue data or to scan the system for virus infections. Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer. The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available. You can download it from here.
After burning it to disc, use it to boot your computer, do a full scan, and remove anything that it finds.

Then, back in Windows, download, install and update these programs (it’s also better if you download them using a clean computer):

Malwarebytes Antimalware: http://www.malwarebytes.org/mbam.php
SUPERAntiSpyware: http://www.superantispyware.com/
SpyBot S&D: http://www.spybot.info/

Scan your computer using them; also try to immunize your Windows using SpyBot S&D. During installation of SpyBot S&D, disable all residents.
In SpyBot S&D, choose advanced mode view, go to Tools and Hosts file, and look to see if you see the names of sites that you use; other than localhost, you can remove other known sites :)

I have to agree with CharleyO. Since not even MBAM cured the problems, an HJT log would be the next thing to do.