Posted 19 April 2009 - 12:46 PM
I have to give a nod to the author of this one; none of the old tricks work.
Background: Win XPH SP2, IE7, Avast, Spybot, PC Doctor installed
Here's what it is doing:
Hijacker & malware run in safe mode with networking!
False positive; routes to a site to buy "malware protection", obviously installing more malware. Cannot navigate to any other sites, so no online scanning is possible. I don't even know what this one is called!
Installs 3 rootkits; the randomly generated names keep changing. Rootkit Revealer & Blacklight ID the same ones.
Regediting CurrentVersion\Run fails: once you click out of the key, the .dlls return. Other keys return on reboot.
HJT runs, but removal fails to remove the .dlls.
rundll.exe fails to shut off when shutting the system down.
System Restore points are missing.
I replaced the Hosts file manually, blocked the site the malware was redirecting to & locked the file; the malware replaced it with its own hosts file - in safe mode!
Rewrote win.ini to delete the malware .dlls on reboot; the malware changed the names again.
I am very close to formatting the drive, but wanted to get the forum's opinion first.
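The hosts-file hijack described in the post (security and update sites redirected, then the cleaned file silently replaced) is one of the few symptoms here that can be checked mechanically. Below is an added example, not code from the poster or from any of the tools named above, showing two checks a defender can run against a hosts file: flag every mapping that does not point at loopback (a stock Windows hosts file contains only loopback entries), and compare a fingerprint of the current mappings against one recorded while the machine was known clean, so a replaced file is noticed even if it looks plausible. The sample hosts content, the known-good baseline and the `.invalid` hostnames are constructed for the example; a machine with legitimate LAN entries would need an allowlist added to `suspicious_entries`, which this example does not include.

```python
import hashlib
import ipaddress

# Constructed sample of a hijacked hosts file (not taken from the original post).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
203.0.113.5     example-av-vendor.invalid   # constructed: vendor site sent to a foreign IP
203.0.113.5     update.example.invalid      # constructed: update site sent to the same IP
"""

# Constructed known-good content, as it would have been recorded while the machine was clean.
KNOWN_GOOD_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
"""


def parse_hosts(text):
    """Return (address, hostname) pairs; comments and blank lines are ignored.

    One line may list several hostnames for one address; each becomes its own pair.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing or full-line comments
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        for name in names:
            entries.append((addr, name.lower()))
    return entries


def suspicious_entries(entries):
    """Flag every mapping whose address is not a loopback address.

    Assumption: the machine has no legitimate LAN or test entries; anything that
    is not 127.0.0.1 / ::1 is worth a human look.
    """
    flagged = []
    for addr, name in entries:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            flagged.append((addr, name, "unparseable address"))
            continue
        if not ip.is_loopback:
            flagged.append((addr, name, "non-loopback mapping"))
    return flagged


def hosts_fingerprint(text):
    """SHA-256 over the sorted, parsed mappings.

    Hashing the mappings rather than the raw bytes means comment or whitespace
    edits do not trip the check, but any added, removed or changed mapping does.
    """
    canonical = "\n".join(f"{addr} {name}" for addr, name in sorted(parse_hosts(text)))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def audit_hosts(text, baseline_fingerprint):
    """Run both checks and return a small report dict."""
    return {
        "tampered": hosts_fingerprint(text) != baseline_fingerprint,
        "flagged": suspicious_entries(parse_hosts(text)),
    }


if __name__ == "__main__":
    # On a real machine the baseline would be stored off-box while the system is clean;
    # here it is computed from the constructed known-good content.
    baseline = hosts_fingerprint(KNOWN_GOOD_HOSTS)
    report = audit_hosts(SAMPLE_HOSTS, baseline)
    print("hosts file differs from baseline:", report["tampered"])
    for addr, name, reason in report["flagged"]:
        print(f"  {name:30} -> {addr:15} ({reason})")
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; the poster's observation that the file was locked and replaced even in safe mode is exactly why the baseline fingerprint should live somewhere the malware cannot reach, such as removable media or a printout, rather than on the infected disk.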