From the top: My sister sent me an IP Cloaking program in a zip file. I'd used the software before on a different PC; everything looked fine and it seemed good, and she said it ran fine for her. The package had the installer, readme, system info file, and one other file (a keygen). I installed it, using my serial code, but then AVG freaked out and said that the keygen was a threat. Healed it, then a blue screen popped up.
Restarted, ran an AVG scan, some tracking cookies popped up, deleted them. Fine, so I opened IE 8, and suddenly this new one pops up on the Resident Shield, Backdoor.Generic11.ZNE. I think, okay, I'll just heal it, Virus Vault, whatever. IT COMES BACK! Again and again. Then it starts saying my attempts to heal it were "interrupted by user". Lies. The actual file is C:\Windows\system32\hjgrimimnbbxb.dll, but manual searches can't find it. AVG keeps freaking out and I started to panic and shut off my wireless switch. A Google search (on a different PC) reveals no solutions, only 2 other English results and some foreign ones, none with a solution other than scan and delete.
I find another forum, follow their instructions to run MalwareBytes. Tried to get it on a USB so the infected laptop doesn't access the internet. USB ports start shutting down as the zombie file is accessed by, or starts, a process. Finally, I turn the internet back on, download MalwareBytes and Windows rootkit. MalwareBytes freezes, but detects 6 infected files before freezing. Windows Malware Kit detects nothing. AVG is still freaking out in the background, a new entry in Resident Shield popping up every time I click something.
I reboot into Safe Mode, uninstall AVG (dumb, I know), run MalwareBytes (successfully), and fix what it says needs to be fixed. Reboot into normal mode, and my desktop can't be found. Files are still there in my Desktop folder in Windows Explorer, but not on actual desktop. So I decide I can live with it. Redownload AVG, install, then it starts AGAIN. The file is still there! Still doing God knows what, and I have no idea what it is. I tried to run MalwareBytes again, froze. Something in normal mode is freezing it.
So I'm feeling like a zombie hunter shooting wildly and missing the head every time. I'm trying to get a HijackThis log, but it's kinda difficult. Please please let me know if there is anything else I can do, or if I can get the log, whether I should post it.
I know this is crazy long, but I'm in a panic over this, I just logged into my bank/credit accounts yesterday and I (stupidly) don't have everything backed up.
Edited by The weatherman, 04 July 2009 - 05:19 PM.
Moved from hjt to a more appropriate forum. Tw