I recently suffered an adware/malware attack on my Windows XP SP2 computer. After running MBAM and SAS in succession as well as Smitfraud fix and SDfix, most of them were gone. Now upon starting up, scans with both MBAM and SAS reveal no dangerous files. However, when I connect to the internet my McAffee stops and cleans a trojan it calls Tcad-Crypted. At this point another scan with MBAM shows nothing, but SAS returns with Rootkit.RunTime3/WinCtrl32.Process. The files are quarantied and removed and the system reboots. This annoying trojan comes back every time. Here is the SAS log, post-internet connection:
SUPERAntiSpyware Scan Loghttp://www.superantispyware.com
Generated 06/07/2008 at 10:40 PM
Application Version : 4.15.1000
Core Rules Database Version : 3477
Trace Rules Database Version: 1468
Scan type : Custom Scan
Total Scan Time : 00:02:11
Memory items scanned : 0
Memory threats detected : 0
Registry items scanned : 4964
Registry threats detected : 6
File items scanned : 0
File threats detected : 1
The file listed from the System32 directory always has a different entry where WINDL70.SYS appears.
The memory scan and file scan sections don't return any dangerous entries so I scan only the registry because it's faster.
I don't know if my McAffee is messing with the virus scans by catching the trojan and cleaning, but I am reluctant to disable it and let the trojan communicate.
I have looked through the existing threads and haven't found any specific mention of this particular problem. Any help would be greatly appreciated.