Cleaned PC using an antivirus :)

Discussion in 'other anti-malware software' started by jmonge, Oct 1, 2010.

Thread Status:
Not open for further replies.
  1. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    OK, here is the situation: a friend of mine told me his laptop was infected and he couldn't use it, so I told him to bring it to me to fix it ;)
    Tools I used: GMER, SAS, MBAM, Hitman Pro, Dr.Web CureIt!, Webroot Spy Sweeper, ComboFix, Prevx, Comodo Antivirus and avast Free :)

    First, GMER didn't detect anything and the scan took forever :D Then Hitman Pro couldn't work properly and was terminated by the malware while scanning ;) MBAM couldn't even open, even when renamed to another name, in safe mode or any other mode :D
    Then SAS got killed after about a minute of scanning :mad: Then Dr.Web CureIt! said it found zero viruses :) nice going :D Then Spy Sweeper found 1 rootkit, 1 rogue and 2 trojans, but after I hit remove it was terminated and uninstalled by the malware :) This is not a test, this is a real-life situation :thumb: :thumb: Then I ran Comodo and it said zero viruses o_O Then Prevx, and Prevx says in green :D system secure, no malware in system :D Then here comes my only hope, avast Free ;)
    Then I installed avast, ran a scan and it found 2 trojans and 2 rootkits and sent them to the chest (quarantine). Then I noticed no more redirection, I was able to run all the scanners that had been killed, and after a reboot I noticed the speed of the PC was back to normal. It was all good thanks to Avast Free Antivirus :thumb: :thumb: I am very impressed with avast :thumb:
     
  2. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Yeah, I like avast a lot. The boot-time scan is a wonderful option. The network shield also stops a lot of malware from infecting. I used it with CIS v5 but it didn't detect a lot of exe's. Not really sure why.
     
  3. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Use boot CD like Kaspersky to further check system state.
     
  4. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Yeah, take your pick of any boot CD: Kaspersky, ESET, Avira, avast. I would be checking with ComboFix and then HijackThis. You could also run MBAM and EAM Emergency Kit, now that you are able to run programs again.
     
  5. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,291
    Location:
    Pennsylvania.
    For Avast did you do a normal scan or a boot time scan?
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ jmonge

    :D

    Good job ;)

    How would the average person deal with that? They wouldn't :(

    What OS, browser and AV did they have? How were they set up?

    What are the names of the malware you found ?

    Are you sure the MBR is OK ?
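A concrete way to answer the MBR question above, added here as an example and not code from any poster or product in this thread. It parses a raw 512-byte MBR sector, checks the 0x55AA boot signature and the partition table, and compares a SHA-256 of the 440-byte bootstrap code against a known-good baseline (the hash you would take right after a clean install; the baseline and both sector images below are constructed for the demo). The practitioner caveat is where the sector comes from: a kernel-mode rootkit can filter disk reads and hand the live OS a clean-looking MBR, so read the sector from a boot CD (on Linux, `dd if=/dev/sda bs=512 count=1 of=mbr.bin`) and feed that file to `check_mbr`.

```python
# Added example (not from the thread): sanity-check a raw MBR sector.
# Read the sector from rescue/boot media, not from the running (possibly
# rootkitted) OS, e.g. on Linux:  dd if=/dev/sda bs=512 count=1 of=mbr.bin
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
CODE_LEN = 440            # bootstrap code occupies bytes 0..439
TABLE_OFF = 446           # four 16-byte partition entries follow
ENTRY_LEN = 16
BOOT_SIG = b"\x55\xaa"    # bytes 510..511


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty entries of the primary partition table."""
    parts = []
    for i in range(4):
        off = TABLE_OFF + i * ENTRY_LEN
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from("<B3sB3sII", mbr, off)
        if ptype != 0:
            parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def check_mbr(mbr: bytes, baseline_code_sha256: str) -> list:
    """Return a list of findings; an empty list means nothing looked off."""
    if len(mbr) != SECTOR:
        return [f"expected {SECTOR} bytes, got {len(mbr)}"]
    findings = []
    if mbr[510:512] != BOOT_SIG:
        findings.append("boot signature 0x55AA missing")
    code_hash = hashlib.sha256(mbr[:CODE_LEN]).hexdigest()
    if code_hash != baseline_code_sha256:
        findings.append(f"bootstrap code differs from baseline (sha256 {code_hash})")
    parts = parse_partitions(mbr)
    bootable = sum(p.bootable for p in parts)
    if bootable != 1:
        findings.append(f"{bootable} partitions flagged bootable (expected 1)")
    ranges = sorted((p.lba_start, p.lba_start + p.sectors) for p in parts)
    for (s0, e0), (s1, e1) in zip(ranges, ranges[1:]):
        if s1 < e0:
            findings.append(f"partition ranges overlap: {s0}-{e0} and {s1}-{e1}")
    return findings


def build_mbr(code: bytes, entries: list) -> bytes:
    """Assemble a 512-byte MBR from bootstrap code and (status, type, lba, sectors) tuples."""
    sector = bytearray(SECTOR)
    sector[:len(code)] = code
    sector[440:444] = b"\x12\x34\x56\x78"      # disk signature (constructed value)
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", sector, TABLE_OFF + i * ENTRY_LEN,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed "clean" loader stub padded to 440 bytes. A real baseline is the
# hash of the MBR the OS installer wrote, captured right after setup.
CLEAN_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 432
GOOD_MBR = build_mbr(CLEAN_CODE, [(0x80, 0x07, 63, 20_000_000)])
BASELINE = hashlib.sha256(CLEAN_CODE).hexdigest()

# Constructed tampered copy: the first loader bytes replaced by a jump (the
# shape a bootkit takes when it hooks the boot path); partition table untouched.
TAMPERED_MBR = build_mbr(b"\xeb\x3c\x90" + CLEAN_CODE[3:], [(0x80, 0x07, 63, 20_000_000)])

if __name__ == "__main__":
    for name, img in (("good", GOOD_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(img, BASELINE) or "OK")
```

Running the file reports the good image as OK and one finding for the tampered one. A hash mismatch on its own is not proof of infection (OEM recovery loaders and some disk tools write their own bootstrap code), but a mismatch against a baseline you took yourself, on a machine with the symptoms described in this thread, is reason to rewrite the MBR from rescue media and look again.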
     
  7. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    I am curious as to what AV and other security applications were being used, and if they were up to date.

    If Avast found and removed the malware, it would appear to me that the user did not have an up to date AV. Avast is a good one, of course.
    I am also surprised that the other applications mentioned did so poorly.

    Regards,
    Jerry
     
  8. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    @jmonge....... man, what if you had started with avast...... :p
     
  9. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    No matter what AV you use, some will detect one kind and others won't. I've run files through Jotti and VirusTotal and Avira didn't catch something that BitDefender did. I've seen files that only Avira found and only Dr.Web found. That's why a lot of people preach layered defense. No matter what you have, at least one time it's going to miss something. Yes, Avira and Prevx have high detection rates, but it's not 100% and probably never will be. Not unless virus writers give up trying to screw people's systems. Of course, if that does happen you might want to look up and see if pigs are flying. ;)
     
  10. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    I agree Avast is a fantastic product.

    But keep in mind, no two situations/PCs/users are the same.

    Next time when cleaning, if you use Hitman Pro, use its Force Breach mode: hold the left Ctrl key while launching Hitman Pro, and it will terminate all non-essential Windows processes, including rogue programs and malware (Hitman Pro should advertise this on the main screen, so more users are aware of this feature).
     
  11. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    OK, that was the bomb! I just tried it out. It only found some cookies. I didn't know about the Force Breach mode. That's good stuff. I'll have to remember that for next time. Thanks, Saraceno.
     
  12. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,589
    Location:
    UK
    Good job, dude. One more thing: is that threat still quarantined? If yes, would you mind providing the MD5? :)
     
  13. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,940
    @jmonge - you did a lot of work, but your effort is worth nuts.
    The security hole is still present and that system ain't safe any longer.

    http://technet.microsoft.com/de-de/library/cc512587(en-us).aspx
     
  14. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    jmonge, why did you simply not press the Ctrl key while starting Hitman Pro? That would shut down ALL non-required services and applications and let Hitman scan with ease without getting shut down.
     
  15. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    J :( why did you not try Avira :( o_O o_O
    At least it's good to know avast removed the crap though :thumb: :thumb: :thumb:
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    All is OK now thanks to avast. I did a normal full scan; it took forever but it did the job, and the program didn't get terminated ;) I also re-ran all the scanners again and the system remained clean ;) It was XP Pro with IE 7 and they had MBAM Pro real-time only :D
     
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I did try the bridge control in Hitman Pro but it was terminated ;) My friend took the laptop already; I forgot to look at the malware names, but the rootkits were sys and driver ;) The system remains stable ;) It is cured :thumb:
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I think the malware writer knew about the control breach, and instead of terminating other services (malware, for scanning), Hitman Pro was terminated very soon :) All of them failed :thumbd: only avast remained strong and stable :thumb:
    Also, I tried in safe mode and the malware still works in safe mode, and I used the msconfig tool and disabled all possible services and only loaded diagnostic startup devices and services :) and still the 2 rootkits did their evil work even without internet :)
    The very strange thing was that the browser worked, so I took advantage and installed avast very fast and scanned :) Also USB was corrupted :)
    I was getting ready for a format but I wanted to try something different and it worked
     
    Last edited: Oct 1, 2010
  19. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    +1
    Why not [suggest<->coerce] your friend to make an OS+programs and a separate data partition.
    After installing and updating the lot, make an image of the OS+programs partition.
    Show him how to restore the image and be done with it. This also guarantees the image. Perhaps write down the steps for future reference.

    For average users who use their computer for 'everything' (including banking or other sensitive stuff), it's the easiest, fastest and most solid solution imo.
    Next time a friend has a malware infection, you'll only have to remind him how to restore the image.
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I did make an image of his system in case of emergency. I also made some registry tweaks and put the good stuff on it like WinPatrol ;) I didn't do more as my friend wasn't paying me :D but I wanted to practise my little knowledge ;)
     
  21. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Did you get a name for the rogue?
     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    It is a new one; to be honest I forgot its name, but it is the first time I saw this one :)
     
  23. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Avast should have its detection name in its logs.
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    My friend took the PC already :D Man, avast nailed the malware, piece of cake :cool:
     
  25. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    :rolleyes: :rolleyes: :rolleyes: :rolleyes: :rolleyes: :rolleyes:
     