Yesterday, my computer seems to have been walloped with something nasty. I can't remember now what first alerted me to it, but at one point I realized my IE kept resetting its options and turning off images. Annoying, so I started searching for what would do that. Then I realized that I had a redirect that was sending most Google link clicks to windowsclicks.com, and making other searches not work at all (blank results screens). I looked that up and found a solution here: http://www.myantispyware.com/2009/01/24/ho...uacdsys-trojan/
I tried the Avenger step and got an error message. But I was able to install Malwarebytes and did a scan. It found over 20 things, removed/cleaned them, and I rebooted. All I remember now was that Vundo/Virtumonde was in there. I recognized it because I've been hit with that one before. The others I just don't remember. I thought it had saved a log, but now I can't find it. Argh. I wasn't expecting to need to ask for help, otherwise I would have paid closer attention to the details.
At some point (again, I'm foggy now on what happened when. Sorry!) Windows XP (Media Center SP2) started asking for my password when it would start up. Instead of the usual full-screen startup, it would give me a smaller classic login window (I've always had it set to autologon, so this was strange). I hit enter, since I have no password, and would then get a Data Execution Prevention Error on the logon. I closed that, could hear my computer finishing the rest of its startup sequence (scanner comes on, etc.), but never got anything but my desktop wallpaper. No taskbar, no icons, nothing. And if I tried to ctrl-alt-del, I got the same DEP for taskmanager. All I could do is force it to shut down.
Again, at some point in the middle of this, McAfee popped up a warning about a Win32 trojan. I ended up finally getting into safe mode to run the scan, and it found over 400 infected files. It quarantined them and removed the viruses and trojans. Some were backdoors, others were trojans or viruses. Again, I wish now I'd paid more attention to what they were called.
I rebooted back into safe mode again and did another scan to make sure everything was gone. This time, it found 130 infected files in the restore folder (stupid me, I forgot to disable system restore first, and now I'm hesitant to do so because it will delete all my old restore points, and I'm not sure if I'll need them or not) and 4 in the memory. I had a new name now for it: Generic!dxrootkit.
After work today, I tried booting up again. Windows worked. It still asked for my password, which is annoying, but it let me in. I suspected it still wasn't gone, since my searching came up with quite a few mentions of how nasty and persistent it is. Following other instructions I found about that specific rootkit, I downloaded SDFix and installed it, then went back into safe mode as instructed, but couldn't run it. It just kept saying it couldn't find the file, even though it's right there, and I can see it. And now, I'm having the same old problems with XP not letting me in again. DEP errors every time unless I'm in safe mode. I got the login prompt to go away by doing CONTROL USERPASSWORD2, but the DEP is still t I haven't done another scan yet. I was going to run Malwarebytes, but when I try to open it, it says it can't find the file. I don't know what happened to it. I'll run McAfee's for now, but it takes forever, so I figured I'd post my problem here in the meantime. Maybe by the time my scan is done, someone will be around to help.
Also, I just noticed a new folder on my C drive that I'm pretty sure wasn't there before: C:\32788R22FWJFW. I'm not deleting it yet just in case it's important, but I suspect it's bad. I also have Viewpoint in my Add/Remove Programs. I thought I'd uninstalled it in the past, but maybe I have a program now that needs it? I don't know. I'm erring on the side of caution for now and leaving it alone.
Hopefully someone will be able to help me fix this. I'd really rather avoid having to do a reinstall/recovery. I have so much on here, even if I backed everything up to an external drive, I'm sure there are programs and things I'll miss, or won't be able to reinstall. I will if I have to, obviously, but would like to leave that as an absolute last resort! (Plus, I don't trust that my HP CDs or D: drive will even work properly, and then I'll end up with nothing.)
Thanks in advance for your help, and sorry if I was too long-winded. I wanted to be thorough!
PS: Spyware Doctor happened to be doing its daily autoscan while I typed this. In the results, it lists Trojan-SpyFlux, RogueAntiSpyware.WinSpyWareProtect, Trojan-DownloaderAgent.OGP, and Trojan-DownloaderAgent.SY. I'm going to tell it to remove them, then do the McAfee scan.