I've been trying to help a neighbour remove a worm from his machine. The problem began after a web browsing session by his son. The sites in question did not seem to be malicious; however, the popups did. I think he has a worm of some sort, which may have damaged mscvrt.dll, which I believe is a redistributable app DLL. This has caused the following problems:
All programs suffer from an error (and the error report popup); error reports point to the relevant program, or to mscvrt.dll
These problems do not occur in safe mode
msconfig had one of the worm files (a randomly generated name.exe) in a cache in %APPDATA% /GOOGLE/temp
While this was deleted, the problems have persisted, leading me to believe there are other copies elsewhere.
What's the best way to:
a) identify the worm
Machine has AVG 7.5 on it (I had 8.5 on hand but cannot update because of the worm).
Machine has Spybot (latest) installed.
Is it worth my while getting HJT and getting a log? Are there any diagnostic tools which would be of use for finding the worm? (AVG can't find a thing, and the registry seems clean.)
Help would be great as there is important information on said machine.
Edited by Pandy, 23 June 2009 - 12:55 PM.
Moved from Win XP Home and Pro ~Pandy