
Tenacious Malware issue

Germsrosolino Registered User regular
Hey guys, been a while since I've posted anything (been deployed overseas for the army), but I need a little help with a buddy's computer. He had some malware on there, and I used a manual install of Malwarebytes to purge the system of it, then we ran some more scans with MBAM and Spybot, until nothing more was found. So that's all fine and dandy. The issue is that he still can't access the internet on the computer. I've checked to make sure there were no changes to the DNS settings and that it's not running through a proxy. I've reset his internet settings, cleared temp files associated with internet, and even did a full uninstall and reinstall of his browsers. Still no go. Anyone have any ideas what could cause it? Something I missed? Please and thank you.


Posts

  • stigweard Registered User regular
    Make sure there are no proxy settings left in the browser that shouldn't be there - reset the browser settings to default, and verify the lmhosts file. Check out the size of tcpip.sys. If it isn't the correct size he most likely has some variant of ZeroAccess. You should also check for rootkits as MBAM doesn't do a very good job with them. For the former, you can substitute the correct file from another computer with the same operating system, or you can try doing a system restore to a point before the malware appeared (hard to know in some cases). Be sure to check out the thread in this forum for better instructions.

  • TL DR Not at all confident in his reflexive opinions of things Registered User regular
    Yeah, check IE's LAN/Proxy settings and also the etc/hosts file to make sure there are no weird entries.

    Also, run TDSSKiller from Kaspersky. It will take care of the issue if you're dealing with a rootkit.
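
One way to script the hosts-file check suggested in the replies above, as an added example that is not part of the original thread. The sample file contents, the `audit_hosts` helper and the `EXPECTED_LOCAL` allow-list are assumptions made for illustration.

```python
import ipaddress

EXPECTED_LOCAL = {"localhost"}  # assumption: the only name a stock file maps

# Constructed sample, not taken from the thread.
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1    localhost
::1          localhost
127.0.0.1    update.av-vendor.example
203.0.113.7  www.bank.example login.bank.example  # trailing comment
"""

def audit_hosts(text):
    """Return (line_no, address, name, reason) for every entry worth a look."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comments, split on blanks
        if not fields:
            continue
        addr, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, " ".join(names), "unparseable address"))
            continue
        local = ip.is_loopback or ip.is_unspecified
        for name in names:
            if local and name in EXPECTED_LOCAL:
                continue  # the normal localhost mapping
            reason = ("name blackholed to the local machine" if local
                      else "name pinned to a fixed address, bypassing DNS")
            findings.append((line_no, addr, name, reason))
    return findings

if __name__ == "__main__":
    # On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

Any line it reports is a name that no longer resolves through DNS on that machine, so each one should be explained or removed before moving on to other causes.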

  • Germsrosolino Registered User regular
    no rootkits found. not seeing any proxy settings in there, tcpip.sys file looks normal. dammit. this is rather annoying. also, he doesn't have any system restore points, because people around here don't take care of their computers.... at all.

  • TychoCelchuuu PIGEON Registered User regular
    sfc /scannow in command prompt.

  • electricitylikesme Registered User regular
    At this point I'd say if you can, you should just format and reinstall. Back up data files only, and do that. If you consider that he might do internet banking on there or something at some point, then you'll never be entirely sure that you got it all.

    It also has the benefit that you just nuke all these little problems from orbit and start over.

  • Germsrosolino Registered User regular
    i actually told him that was the next step, just thought i'd check with you guys, in case i missed something. thanks for all your help
