Cleaned out temporary internet files and temp files. Ran Ad-Aware and got rid of one thing. Ran Spybot and found nothing. Ran Malwarebytes’ Anti-Malware. Have Windows firewall enabled. Did a thorough Avast scan in Safe Mode and found things infected by Win32:FakeAlert-AJ [Trj] and c:\windows\system32\wini10841.exe and suspicious file found at c:\windows\system32\Drivers\svchost.exe Type Rootkit: hidden process.
I’m getting confused as to what problems I have left but keep getting two popups from Avast when I reboot and pick NO ACTION and Avast doesn’t activate it. Everything is working well then. Some things I was able to Move to Chest and some I was able to Move and Rename with a .vir extension. This one Avast was not able to repair and when I renamed the extension to .vir and rebooted, just got blue blank screen:
C:\Windows\System32\wini10841.exe is infected by Win32:FakeAlert-AJ [Trj].
So I had to reboot using F8 and pick Last Known Good Configuration and that is where I am at.
Also have 7 svchost.exe’s in Task Manager: 4 System, 2 Network Service, 1 Local Service. I had 8 but renamed one that had my name next to it in Task Manager to c:\windows\system32\drivers\svchost.vir. Rebooted and this went away and caused no problems. Two of them are in the Prefetch directory. Three of them are in locations I read would normally be there: c:\windows\system32\svchost.exe; c:\windows\ServicePackFiles\i386; and c:\windows\$NtServicePackUninstall$. I may have solved the problem by renaming that one but wonder why there are 7 listed in the Task Manager.
Sorry this is so long. Should I do a Hijack Log? I’m afraid to try some of these other things you mention…McAfee AVERT Stinger, Housecall Anti Virus, Panda Anti Virus, Bit Defender in case it deletes something I need. I had turned off Restore feature, rebooted and created one restore point. I’ll await further advice.
Edited by Orange Blossom, 04 November 2008 - 01:02 AM.
Moved from HiJack This forum to Am I Infected as there are no logs. ~ OB