Posted 05 December 2008 - 02:39 AM
I was trying to help a friend get rid of some malware tonight and thought it was antivirus2009. It was definitely installed, but looked like a variation I hadn't seen before. It was basically saying the computer was infected. It allowed me to go to certain websites like Google, but when I would click a link it would take me to info.com or something similar. Typing a URL in the address bar would result in a Google search.

It is a Win XP Pro SP3 machine. The computer was running McAfee Security Suite. I uninstalled it because I have never seen any use for a McAfee product. I could install AVG from a disk, but couldn't update. I couldn't install Spybot with the auto-update setting on because it couldn't reach the server, and would only give me the option to retry or cancel. I tried installing HJT from a disk by copying it to the desktop and double-clicking. Nothing would happen. I would go to Task Manager and it wasn't running under Applications, but it was in Processes. This also occurred when running Malwarebytes. That was the most annoying part.

I didn't have a working PC in the house to research on, but after looking around the web a bit I was wondering if it is the boot.sys that might not be allowing me to access "Helpful/legitimate sites". I have used these techniques in the past with success, but I don't know if this is a different animal or just something new thrown into the mix. Any suggestions would be wonderful. It's been a long and frustrating evening. I was able to manually delete some obvious infections from the directories and registry, but wasn't able to make any real progress.