Question : Post AV 2009 removal problems

I recently did work for a client who had the Antivirus 2009 virus show up on their PC. After the removal of the virus and all signs of it, the PC hasn't been the same since. Most programs will not open, and when I try to view properties of a file or icon, I get nothing. So, on the surface, it looks as though everything is OK; you can browse the PC and open very few programs. I can, however, boot into safe mode and everything is fine. I've tried doing a system restore as well, and that also hangs and says that it cannot be done.

Answer : Post AV 2009 removal problems

Nothing evident in that log. Though I can understand how this thing got infected, and who knows what else is lurking as there is no Antivirus running, or any security software from what I can see.

Do you still have the log from when you ran MBAM and cleaned the machine? Post that if so. I would guess the TDSSERV rootkit is at work here.

Also, did you run ComboFix? Along with doing a great cleaning job, ComboFix will reset many of the default system settings that may have been corrupted. It's definitely worth a try as you are looking at a wipe and clean anyway... I would do it.

Download ComboFix from either of these links to your Desktop.
http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

* Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. *
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

* The link below is a list of programs that should be disabled. If yours is not listed and you don't know how to disable it, please ask.
http://www.bleepingcomputer.com/forums/topic114351.html

* Close any open browsers.
* WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
* Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
* If there is no internet connection after running Combofix, then restart your computer to restore your connection.

4. Double click on combofix.exe & follow the prompts.
NOTE: As part of the process combofix will now install the recovery console if required. It is recommended to do so in case of any major issues. This is not a requirement.
5. When finished, it will produce a report for you.
6. Please attach the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

PLEASE ALSO NOTE: Combofix will typically fix most and sometimes all Malware entries but many times a script is also needed to finish cleaning up. So please keep CF until advised whether you need the script or not.

