Virus??

[Ryansta]

Hey guys
I've got a pc here at work thats being an idiot. It randomly crashes and restarts, It wont install anti-viruses and it wont install anti spyware. I've taken the hdd and scanned it in another pc with AVG 8 free, no viruses. I've stopped all services on start up(except windows one obviously). I've used advance system care to try fix broken registry, it found lots of probs and removed/fixed them, but theres no change. I've used hackthis and removed bad registries and nothing. Any thing else i could try?

 

[wishblade]

Sounds surprisingly similar to a rootkit issue I was investigating recently Do a rootkit scan using a proper scanner...

 

[Ryansta]

Tried the panda one but it stops the .exe as well. Cant do any scans

 

[LFX]

format c:

 

[Ryansta]

format c:

Customers... Not an option really. Crashes on sfc /scannow as well. *sigh*

 

[LFX]

run memtest

 

[kronoSX]

how does memtest work in this situation..its fubar
anyway lets try safe mode first

 

[SuperAntMD]

get a copy of ubuntu, run it off the livecd feature install avg or similiar and try scanning from there?

 

[N1sh]

do windows repair using the cd

 

[dequadin]

format c:

format c: /u/c

 

[kronoSX]

right uc

 

[wishblade]

Definately sounds malicious, especially if the panda exe fails but not other exe's.
Other rootkit scanners that are available for download:

http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe

If these fail to execute, then you could try run an online scan with a rootkit detection - let me know...

For the record though, I'm not claiming that it is a rootkit/malware issue, it just helps to make certain that its not...

 

[SirFooK'nG]

I had a similar virus just recently, couldnt update any apps online, not even ms updates. So I used another computer to download the "malicious file remover tool" from MS. Ran it and presto. Updated everything and scanned the crap out of my PC for two days!

By the way, the virus managed to infect my pc even though I have windows defender, ZoneAlarm Internet Security Suite and Netlimiter Pro Firewall enabled!

 

[wishblade]

By the way, the virus managed to infect my pc even though I have windows defender, ZoneAlarm Internet Security Suite and Netlimiter Pro Firewall enabled!

Could have been a new variant, or what I was thinking in the first place for the original issue: rootkit.

I did a technical read up on how the mebroot rootkit works, and I must say, it is pretty ingenious at staying under the radar. In simple terms, it performs a few tasks under the radar of AV scanners (no suspicions raised), and then when a reboot happens, it replaces your MBR with its own, which virtually means that it can do whatever it wants on your system without being detected. Pretty clever and obviously a lot of time went into designing it...

 

[spiderz]

Load Ubuntu, the Virus is called "windows"
/me crawls back under my rock.

 

[ace_rizzle]

sounds like this device needs a DBAN.

 

[wishblade]

And the issue was resolved, or not?