I update all 3 of the following: Malwarebytes, SuperAntiSpyware, and AVG.
1) I reboot in Safe Mode, then I run ATF-Cleaner, wipe everything, and hit Firefox with it too.
2) I run Flash_Disinfector, and hold down on the shift key while I insert the U680 in order to prevent any auto execute malware from running before windows detects the modem.
3) I run SuperAntiSpyware for C:\ D:\(cd drive) and E:\ (the Franklin U680 Modem), with the following items UN-checked:
Ignore files larger than 4MG (recommended)
Ignore non-executable files (recommended)
Ignore System Restore/Volume Information on ME/XP
Scan only known file types (.exe, .com, .dll, etc.)
And the following items CHECKED:
Close browsers before scanning
Scan for tracking cookies
Resolve Links/Shortcuts during scan (.lnk)
Terminate memory threats before quarantining
Scan Alternate Data Streams
Use Kernel Direct File Access (recommended)
Use Direct disk Access (recommended)
Display scan option in Explorer context (right-click) menu
SAS will get rid of HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (abbreviated HKLM\SOFTWARE\AGprotect in SAS) which is always on the U680. Then I unplug the U680 USB modem and restart my computer in Safe Mode
4) Next I go through Flash_Disinfector again, hold shift, plug in the U680. Then I run Malwarebytes on everything (C:\, D:\(cd drive), and E:\ (U680 USB Modem) because HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\avast!AntiVirus is always on the U680 and SAS doesn't get it, however Malwarebytes will. Then I unplug the U680 Modem and restart my computer in Normal Mode.
5) Then, while in normal mode, I run AVG, sometimes it catches stuff that both SAS and Malwarebytes missed.
6) Now I plug in the Franklin U680 Wireless Modem, (without connecting to the internet) and scan it with Malwarebytes and AVG. Both scans show that it's clean.
Then I connect to the internet (with the U680,) I don't open a browser or anything, all I do is connect. At this point, if I run Malwarebytes, even though literally seconds earlier I had just finished scanning with Malwarebytes and AVG, and they both showed E:\ as clean, both of these next 2 malware programs will be on E:\ (every time, guaranteed)
Trojan.Agent Registry Key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\avast!AntiVirus
Malware.Trace Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect
And one of these next 2 will usually be on C:\
Trojan.Agent File C:\WINDOWS\Temp\BN5.tmp or Trojan.Agent File C:\WINDOWS\Temp\BN7.tmp
Then this one is less frequent, and I can't find a regular pattern for it, but it's in my quarantine history dozens of times:
Trojan.Agent File C:\WINDOWS\system32\avast!AntiVirus.exe
Anyway, I keep running all the programs I see commonly recommended on this forum, but I must be missing something because I just can't kill this crap.
I have tried using SDfix, but when I try to extract it, I get this:
C:\SDFIX\apps\installed.txt Access is denied.
Also, I can't post any of my mbam logs, because when I try to look at them I get this message:
C:\Documents and Setting\KCMS-08\Application Data\Malwarebytesââ‚¬â„˘ Anti-Malware\Logs\Mbam-log-2009-05-26 (1059-50).txt Access Denied
I don't know if this is related, but I suspect it may be. About 5 weeks ago my computer got infected with a whole bunch of things all at once. That's what prompted me to start poking around on these forums, and I read somewhere that some malware will actually disable your access to your control panel etc. in order to make it harder to remove. That may have happened to me, because when I open up my control panel, nothing in it is accessible. When I try to access "User Accounts," "Add/Remove Programs," "Security Center," or anything else under Control Panel, this is the message I get:
Windows cannot find C:\\WINDOWS\system32\rundll32.exe. Make sure you typed the name correctly, and then try again. To search for a file click the Start button, and then click search.
Although if I open my Task Manager, it will show C:\\WINDOWS\system32\rundll32.exe is running.
But seriously- W...T...F... is wrong with the people who come up with this crap? I'm sure it's frustrating to be an outcast and virgin, and even worse to know that you're going to die as an older, outcast, virgin. And it has to be difficult to talk about it when people will take sand paper to their own raw, exposed brain, rather than have a conversation with you. But that's what internet porn is for, come on.
Edit: Moved topic from XP to the more appropriate forum. ~ Animal
Edited by angelsfire15, 21 June 2009 - 12:50 AM.