Question : Post AV 2009 removal problems

I recently did work for a client who had the Antivirus 2009 virus show up on their PC. After the removal of the virus and all signs of it, the PC hasnt been the same since. Most programs will not open, and when I try to view properties of a file or icon, I get nothing. So, on the surface, it looks as though everything is ok, you can browse the PC and open very few programs. I can however boot into safe mode and everything is fine. Ive tried doing a system restore as well and that also hangs and says that it cannot be done.

Answer : Post AV 2009 removal problems

Nothing evident in that log. Though I can understand how this thing got infected, and who knows what else is lurking as there is no Antivirus running, or any security software from what I can see.

Do you still have the log from when you run MBAM and cleaned the machine? Post that if so. I would guess the TDSSERV rootkit is at work here.

Also, did you run combofix? Along with doing a great cleaning job, combofix will reset many of the default system settings that may have been corrupted. It's definitely worth a try as you are looking at a wipe and clean any way....I would do it.

Download ComboFix from either of these links to your Desktop.
http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

* Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. *
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

* The link below is a list of programs that should be disabled. If yours is not listed and you don't know how to disable it, please ask.
http://www.bleepingcomputer.com/forums/topic114351.html

* Close any open browsers.
* WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
* Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
* If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

4. Double click on combofix.exe & follow the prompts.
NOTE: As part of the process combofix will now install the recovery console if required. It is recommended to do so in case of any major issues. This is not a requirement.
5. When finished, it will produce a report for you.
6. Please attach the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

PLEASE ALSO NOTE: Combofix will typically fix most and sometimes all Malware entries but many times a script is also needed to finish cleaning up. So please keep CF until advised whether you need the script or not.

Random Solutions

I have Joomla 1.5 installed, and installed DocMan plugin. Docman works in all respects except users cannot download files that are properly displayed. All files are 777 on the server. Any ideas?

Non-AD Logoff/Shutdown Script?

I want to restore a ghost image to multiple computers using a Gigabit network switch or 10/100 hub

IIS will install, but with errors and w3svc fails to run

IMPORT XML Data To Access 2003

Login problem running Crystal reports on webserver

Warning: Fatal error 7987

Out of office messages not being sent

How obtain a text selection in report like it is possible in Form

Multiple instances of RunDll32.exe on server