My OS: Windows XP Home Service Pack 2. Anti-mal installed: SuperAntiSpyware, AVG (Free Edition), Malwarebytes, Spybot Search and Destroy, Spyware Blaster, Windows Firewall (yuk yuk yuk).
Recently I visited a website only to find out (too late) that it was poisoned. Immediately several nasty trojans (and worse) downloaded themselves to my PC. Fortunately, no data was lost (so far) and I still have control of my PC (for the most part). However, my internet connection is iffy and I keep getting these strange pop-ups when I'm offline bearing this message:
"No connection to the Internet is currently available. To view Internet content that has been saved on your computer, click Work Offline. Click Try Again to attempt to connect."
Naturally, I don't take the bait. Instead, I Ctrl-Alt-Del and shut down the pop-up message. That causes my desktop icons and Start-up bar to refresh as if I just re-booted. No data loss or anything missing, but if I had moved any of my icons during my current session, the refresh resets the icons to wherever they were when I first booted up.
Then... seconds later, I get the same message. "No connection to the Internet..." et cetera.
So I ran SuperAntiSpyware. That cleaned up my computer a little bit (lots of files quarantined and deleted), however, I still get the pop-up messages every thirty seconds or so. Then I ran Malwarebytes. That eliminated a bunch of malicious entries that SAS could not; however, two remaining items it identifies it cannot remove. These are: instbndlkeyldr.dll and instkey.dll, which are identified as Trojan vundos. Neither of the antivirus/antimalware programs I mentioned is able to remove these, nor can my AVG (not that I expected it would).
Another detail: I opened Spybot Search and Destroy in advanced mode and checked startup programs in System Tools. It identifies a strange .dll called iifefETl (last letter "L" as in "lemon"). Google indicates this is a Trojan, too, but does not provide any other information. If I try to uncheck this Trojan in System Tools, the file mysteriously re-checks itself so there's no way to prevent it from starting when I boot-up. Hmmmm...
Last thing: when I boot to safe mode, I do not get the pop-ups I mentioned and my computer seems stable. However, in safe mode of course I cannot log onto the internet. Regular mode is where I seem to be having all the problems.
Directions on how to proceed? I have recently downloaded Hijack This and your favorite and mine, Combofix, but have not installed either. Waiting for your instructions. Thanks.
Edited by zombiewhacker, 16 October 2008 - 05:27 PM.