Help with this little bug_ger

**maximus01can** · April 13th, 2009, 03:11 PM

Howdy All,

Appears as though my daughter got a little bugger on my box that's causing some grief, but nothing catastrophic. Sympoms: Slow logging into profiles and only displays wallpaper for quite a while, won't let AVAST update or download newer version, turns off the automatic updating from Windows Security and probably a couple other things that I havn't found out yet. The problem is I logged onto windows in safe mode with networking, downloaded updates for AVAST and Spybot Seach and destroy. Proceeded to run SS&D with several trojans found and one in particular I remenber was some sort of "Windows Update Bypass" something or other. Nuked all those, immunized with the new database. Then ran Avast and it found a couple others. Set a boot time scan and it found some more stuff and Avast deleted them all, but I think the little bugger is re-installing itself with all this crap since when I log on as it seems to be back just as before with slow log on, windows update turned off, trouble getting to Avast site etc. etc. Any thoughts on where I should go from here? Takes quite a while to run all those app's just to have it reinstall all the little buggers once again.

Thanks in advance,

Cheers,
Max

**JLK03F150** · April 14th, 2009, 08:31 AM

Turn off System Restore. That will delete all the restore points that might be hiding the bugs. I noticed Avast had some issues actually deleting or moving bugs to the vault on an infected system. You may need to uninstall, then reinstall.

Also try Malwarebytes Anti Malware. Install it and do the first run in Safe Mode. It works well with the S-S&D/Avast combo.

Once you get done with all that run HiJackThis and post the log on their analyser.

**maximus01can** · April 25th, 2009, 02:02 PM

Thanks, running malwarebytes right now, but when I stated up in safe mode with networking, there was a pop up that said I had infections and go here and download blah, blah, blah to clean...........strange as I haven't seen anything like that pop up from safe mode.........Even though I had an internet connection and the firewall enabled for malwarebytes, it wouldn't let me download the updates........strange........but I'm running MWB now and I've downloaded the newest rules from a different box. I'll update when it's finished finding whatever it finds. At present it's looking as though there's 60 infected objects and counting. Whether it gets them all without the update I don't know, but I'll run again once I install the new rules.........I'm just afraid something is going to reload all this shit just like last time I used spybot and adaware........hopefully not. Any angles on the apparent malware running in safe mode would be appreciated.

Cheers,
Max

**maximus01can** · April 25th, 2009, 03:17 PM

Just a quick update, MWB ran and found 80 infected objects, looked at the quarantined items, made sure they ware all checked and clicked remove. Massage came up that Regedit had been disabled and will affect quarantining pricess, but also indicated that MWB anti-malware will now enable regedit. I rebooted as requested as there were some that would be nuked on the restart. Restarted normally, then shutdown and restarted in safe mode once again. At this point MWB was able to get out and download the updates.......Running once again and it found an additional 10 items........Restarted normally and it appears as though the same BS is happening again. Windows firewall disabled, automatic updates disabled, AVAST wouldn't start up like it normally does, couldn't update AVAST........So restarted again in safe mode, uninstalled Avast, downloaded ans reinstalled new version, updated detection files, and now running a scan and then I'll run MWB again........don't have much faith that this is going to nuke the little bugger though. If I can't get this little bugger out of there it's probably going to be easier and quicker just to reformat.........

Cheers,
Max