Posted 25 August 2007 - 01:05 PM
(I have not run scans in safe mode yet; perhaps I will do that immediately after posting. However, I have scanned my HP notebook so many times in the last 4 days that I feel I am chasing ghosts.)
First, I noticed a change in the Task Manager, all the tabs that appear at the top of the TM box are gone. (Admin account only)
Now, I have severe hanging with most programs. Some that used to open in seconds now take 10 minutes.
I have run Norton, Spybot, Ad-Aware SE, CCleaner, Spyware Doctor, and RegRun security suite. (all updated daily)
The only program that seems to detect any wrongdoing in my notebook is RegRun; all others claim everything is running perfectly, minus a tracking cookie here or there.
RegRun5 tells me on reboot that I have 3 infected files, 16 questionable files, and 2 warnings.
The 3 flagged files are:
1. Kernel Auto Boot in Drivers; Windows\System32\Drivers\MCHINJDRV.SYS
2. Registry Run in Auto Start Apps; "Windows\System32\msconfig.exe"/auto
3. In memory - Running Process; Windows\System32\wininit.exe
I spent 2 hours and $100 with a remote access Symantec tech (in both normal and safe modes), and the only advice he could give me was to back up my files and restore the PC to factory stats (which I did). I do not think it helped a smidge, as the notebook seems even slower now. (It was purchased only a month ago from the HP site.)
I use Vista Home, Symantec firewall, and run my spyware and AV programs daily on reboot.
What I understand of W32.Amend.A@mm is that it is a replicating worm that will dump itself into file after file after file, which makes sense, as my Spydog (part of RegRun Suite) gives me a list of 'changes' made to files, and they are all seemingly good files that have something added to them which makes them poison.
I hope this was not too much information.