Let me just give you a run through of what I have done and where I am now.
First, I downloaded a file that I shouldn't have and it infected my system. I am running Windows XP Professional.
The virus proceeded to destroy my antivirus software, edit my registry, download a bunch of stuff, and then destroy my internet connection. Iexplorer kept on starting its process and I think that was how the virus was downloading stuff.
I was using AntiVir, but the virus destroyed that. I cannot uninstall it and when I try to reinstall I get a "CRC sum of (filename) has changed! This could be due to a virus!"
After that, I booted up into the Ubuntu partition that I was playing around with and downloaded AVG for Linux. However, that only allows you to test files and does not actually remove them. I went in and deleted everything that was found and then rebooted back into Windows. I ran Spybot Search and Destroy and removed everything I found there. I ran ComboFix and that found some stuff. Then I installed AVG Free, and then everything went crazy. AVG detected almost everything as a win32/heur virus and maxed my CPU out like crazy. I uninstalled AVG Free and ran System Restore.
This is where I got my drivers back up and working due to the System Restore. I then installed Avast antivirus and did a bootup scan. That also detected a lot of stuff as Win32:JunkPoly [Cryp]. Now, whenever I boot up, ZoneAlarm tells me that generic host processes for win32 services is trying to access the internet. When I do not allow this, I cannot get online. However, when I do allow this, I can get online. But once in a while Avast tells me that a virus has been downloaded into the temp folder. Iexplorer still starts up but I have set ZoneAlarm to just kill the process. Also, services.exe in the system32 folder keeps on trying to connect to the IP addresses listed here: http://www.threatexpert.com/report.aspx?md...7d7fb4ebf19911e
The weird thing now is that I cannot run ComboFix anymore. When I try to run it, it gives me the win32 only incompatible os error. Also, I still cannot install AntiVir.
I have just downloaded HijackThis and did a scan.
Please tell me what logs you need me to post.
I have the original AVG scan from Ubuntu log
The ComboFix log from when it worked
The ComboFix error (cannot run) log
The Avast boot scan log
The Avast temp file virus warnings
And the HijackThis log I just ran.
Edit: Moved topic from XP to the more appropriate forum. ~ Animal
Sorry, first time posting here.
I got ComboFix back up and running but I have not run it yet. Avast for some reason classified find.exe as Win32:JunkPoly. But rescanning it now, it comes up as nothing, so I restored it.
Edited by TheRabbit, 17 February 2009 - 11:58 PM.