Posted 14 May 2009 - 12:47 PM
This is very relevant and important so please read entirely.
I found this thread because I am having similar problems only I don't have AVG. I use the ZoneAlarm security suite and it has no problem updating.
Around May 8th I noticed that a special social networking program I have stopped working. I then noticed I couldn't click links in Yahoo using Firefox and that is how I found this thread. I tried to run regedit and sure enough it wouldn't launch.
I ran ZoneAlarm (Kaspersky), Ad-Aware, Spybot S&D, online Symantec, Panda, HouseCall. Everything said my machine is clean. I know a brilliant computer guy who thought perhaps my registry was corrupted, so he took my machine. Here is what he found when trying to run scripts to check for registry errors:
1) When trying to launch regedit, explorer.exe restarts itself.
2) He disabled the ability of explorer.exe to restart itself, then tried running the scripts. The program would just hang.
3) To confirm that a human had written malicious code he copied regedit, renamed it, and put it in a different folder. With this done regedit could be launched under the new name.
This confirms that there is malicious code (rootkit) controlling the launching of regedit. None of the computer guy's tools could find the code or traces thereof. I did have an unrecognizable virus about 3 weeks ago, and he found a running system32.dll running in the TEMP folder and removed it. The machine was fine until this recent problem.
His view is that someone OWNS MY MACHINE and it's not me. He said even if there was a tool that found what the virus is, it wouldn't tell what the virus has done to the machine. He recommends a COMPLETE REFORMAT OF THE DRIVE!
Other than the Firefox with Yahoo links thing and my social network software not working, my machine runs great. Super fast and nothing that I can see running in memory. No popups, redirects or anything.
I'm running Windows XP Home SP3, and I was using Firefox as my default browser. I hope this helps some of you. If you figure this thing out, please let me know. I'm pulling some data files off the infected machine and will likely have to fdisk the poor thing.