Let my guard down for one millisecond at TitanTV.com and stupidly allowed ActiveX control to load. Antivirus 2008 was installed and started its business (among other things, seems to have installed mrinfo.exe). Shut down the computer as rapidly as possible then rebooted in safe mode and renamed a few files in the Windows folder that showed up with a time stamp at the occurence. Probably, rebooted a couple of times to note I was still infected. Removed the drive to an external case and scanned it with TrendMicro and Kaspersky online scanners. Also scanned it with Windows Defender and maybe something else. Reinstalled and booted the drive to note that the O/S still didn't look right - desktop wallpaper in particular was not as expected. Opened Control Panel 'Display' app to note the tabs weren't right - in particular, the one to change wallpaper was missing + at least one other. Edited group policies to try to unhide them, then hacked the registry to remove wallpaper and obvious virus screen saver (although I couldn't find the files they pointed to - even with Explorer set to show hidden and system files/folders). (Late note: I should have also said that another symptom was the message that 'Task Manager has been disabled by the Administrator' or something like that. I managed to reactivate TaskMan by either group policy editing or hacking in the registry per some MS KB article.)
The wireless and wired network connections don't get an IP address and the Delete context menu item is grayed out. I was able to get rid of the wireless connection by removing the hardware in Computer Management. After reinstalling the hardware, was able to set up a new network connection, but it doesn't get an IP. Wired connection is in the same state, as is Hamachi (even after uninstalling Hamachi). Giving the wireless connection a manual IP address then shows status as connected, but the connection doesn't work.
This machine has two bootable partitions and the infection was to the secondary boot. As little as I want to, I can cream that partition and start over, but I'd rather not. What are the chances my primary boot has survived without infection? I have not booted it since the original problem. Has anybody heard of a virus infecting the non-current system drive in this type of situation? To be clear, both partitions are on the same physical hard drive with C: being the main and D: being the one I've messed up.
Edited by Syringa2, 16 July 2008 - 02:14 PM.