This morning I started up my computer (running XP home service pack 3 by the way) and found a message saying that my computer would be restarted in a minute because the "DCOM server process launcher" service had terminated. I rebooted in safe mode and scanned again with AVG, this time enabling scanning for rootkits. The restart message popped up again in the middle of the scan - scary to see this happen in safe mode - so I looked up how to stop it and ended up using this method, which worked:
Start -> Run -> type services.msc
Select "DCOM Server Process Launcher"
Right Click -> Properties
Change Startup type to Disabled
Click on Recovery Tab
Change all failures to Take No Action
After that I finished the AVG scan. It found 12 rootkits with "seneka" in the name and claimed to have removed them, but when I updated and ran Malwarebytes Anti-Malware, it found the same ones, plus more. It removed those and the latest scan shows nothing, but I am still having the issue with Google results and I'm afraid to get out of safe mode to see how things are running.
Also, looking through Malwarebytes logs, I discovered that it had caught a bunch of trojan.vundo along with some trojan.downloader and trojan.TDSS a month ago, so I wonder if this could be a re-infection somehow? Thanks in advance for any advice on all this.
Edited by littlefishy, 05 February 2009 - 06:24 PM.