Virus deactivated Windows and wiped Device Manager.

A good friend of mine showed up at my doorstep this morning with his computer in hand, saying Windows deactivated itself and his internet icon had a red X on it and he was unable to get online anymore.

After hooking it up in my room and turning it on, sure enough it said Windows was not genuine and could be counterfeit. It’s a Gateway and has its own legit key on the case.

It gets to the desktop and sure enough no internet and also it says No AMD graphics driver installed or not functioning.

I go to Device Manager and it is completely blank. Not one entry at all. Very strange.

I followed these instructions again:
http://forum.avast.com/index.php?PHPSESSID=gjrtlfq58cm82h8o3vnv65vnv1&topic=53253.0

and I’ve attached all 4 logs.

Thanks for any help
-=Mark=-

While I check the other logs, run AdwCleaner again and press Scan. Once it has completed, select all and then Clean.

Well he appears to have every toolbar known to man… and then some :slight_smile:

Download the attached fix.txt to the poorly computer's desktop
Run OTL and press Run Fix
A dialogue will open asking for the location of fix.txt
Locate the fix.txt you downloaded and select
Press Run Fix again

THEN

Please download Junkware Removal Tool to your desktop.

  • Right-mouse click JRT.exe and select “Run as Administrator”. The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system’s specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

FINALLY

Download and Install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” ComboFix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

I’m running ComboFix and it’s at stage 4 and it’s been over an hour. It says 10 minutes typically, maybe double that for badly infected systems.

Is it locked up?

I looked at Task Manager and it shows a file called pev.exe *32 running. It says in description “pev” and is using a steady 13%.

Here are the log files you requested. I just aborted ComboFix, rebooted, and ran it again with no issues the second time.

-=Mark=-
Oops, I didn’t read your notes at the end. I must have clicked the ComboFix box while it was running. I reran it too.

Awaiting further instructions.

What problems are remaining? Is Device Manager working?

Ron stopped by last night and said to go ahead and reinstall as he needed his computer now. I did a quick backup and secure erased the SSD and hopefully he’s good to go.

Thank you very much for all of the help. It is greatly appreciated.
-=Mark=-

Not a problem, at least he is happy now :slight_smile:

Point him to this blog: http://blog.avast.com/2013/07/09/shady-practices-of-free-download-servers/ It may help him remain clean.

Thanks for the link, I sent it to him and all of my friends and family to read, and sent it URGENT! lol

Thanks once again
-=Mark=-