Nothing is finding much. At first malwarebytes and another program found a few trojan registries but only while in safe mode- I'm sorry, I think I lost the txt files I saved from those logs. They did not find programs. I had Avast antivirus, now have Norton- neither found anything and whatever it is used the update links on them for itself. Tried malwarebytes, trojan remover, trojan hunter, Spybot, Superantispyware. I've disabled a lot of services like remote desktop etc. - it's still there somewhere.
My mouse is doing small erratic things and I suspect my keyboard is hooked or whatever- snoopfree antikeyboarder seemed infected so I removed it and when I tried to reinstall it the computer kept shutting down till I removed it again in safe mode. ...I doubt it's coming from snoopfree.
I've reformatted 3 times and it's come back as soon as I access the internet to update antivirus etc. I can watch it come in I think through the AV links in zone alarm. OR... could it be in my bios??
So far it has taken control of firefox, avast antivirus and then norton antivirus connections. Also tcpview and any other program which has any autoupdate or link to the net. Oh and it really liked Orbit downloader! It seems to have taken over something called 32 bit DIFx driver installer- installed a program folder for it and it also set up a firewall ip address within zone alarm as safe and used that to download/upload. The address in the zone alarm firewall setting is the same as or owned by the same people as the address that's attacking me. I forget which. I tried deleting DIFx from "remove programs" and it kept coming back. Deleting the program folder didn't work either. I reformatted the operating system and stopped internet DIFx permissions with zone alarm and that seems to have helped.
I have windows xp sp2 home edition and am not keen on downloading sp3 in its entirety- not sure how buggy it is, and right now this thing probably won't let me anyway. It's formatted in NT (I don't know or understand this much at all or if it makes a difference). Asus M2000N notebook motherboard on a desktop. I tried updating the motherboard drivers when I first got it but it was a mess- had to reformat.
My question is, not only how do I get rid of this thing, but also how do I block whatever hole it's using? I suspect the hole is the DIFx thing. After reformatting it uses DIFx first and when that is blocked it seems it may be "seeping" in through other connections, at this point undetected by zone alarm- I think zone alarm is missing bits and pieces or something. I guess I need to search MS for security updates I can download separately. Or does anyone know of a phone line to an actual person to order an sp3 update by mail?
Please excuse my computer terms. This is all new stuff to me. Nothing like a virus to teach one something about computers, LOL. Any help would be very appreciated!
Edited by Kandinsky, 05 January 2009 - 02:49 AM.