Hoping somebody can help - I've been working for about two weeks now, trying to clear some particularly nasty malware from my father's PC. I'm guessing that somehow he managed to get himself a virus which has been secretly downloading and setting off other viruses, because the system was absolutely riddled with them - far too many to have all come from a single e-mail or suspicious program, even if my father had clicked on something he shouldn't have. Probably 30-40 individual, named viruses and hundreds of their associated components.
Having worked on this on and off for the past two weeks, I think I've managed to get rid of most of the threats. However, there are still two which keep coming back and I can't seem to get rid of: the file C:\Windows\System32\TCPCON.dll (identified by MalwareBytes as "Trojan.Agent") and also the file C:\Windows\System32\ADVOCR.dll (identified by AVG 8.5 as "Trojan - Hacktool.GCM"). The latter is, according to AVG, being called by the executable C:\Windows\System32\winlogon.exe - this tends to happen about 5 - 10 minutes after I log in. TCPCON.dll, on the other hand, seems to reappear the moment I restart my system.
So far, in my efforts to clean this system, I've performed full scans with the following tools:
AVG Free Edition v8.5
MalwareBytes Anti-Malware v1.38
SuperAntiSpyware Free Edition v4.26.1006
Rootkit Revealer v1.7
RootRepeal (beta version)
As I said, these have allowed me to remove a huge amount of malware, but these two Trojans still continue to elude me. Although both of their DLLs show up on the various scans, none of the above tools give me any clue as to why they keep coming back after I delete them. I'm far from being an expert (although my technical knowledge is reasonable), but there's nothing now in the logs from any of the tools that would suggest anything suspicious is left on the system - except for the two DLLs themselves.
The one (possible) exception to this is the Rootkit Revealer log; this shows only two "problem" entries - a couple of registry paths (which show up on the scan because they "contain null characters") which don't seem to actually be there when I look using RegEdit. Rootkit Revealer is merely a scanner, though - there's no way (that I can find) of using it to FIX problems once you've discovered them.
Having used all of the above apps, I'm wondering whether this ComboFix tool I've heard so much about might be the next thing to try. However, mindful of the warnings here (and on just about every other site out there that recommends ComboFix to anyone), I'm unwilling to use it without having somebody to talk me through what to do.
If anybody is willing to help, I'd be most grateful. I can re-run scans from any of the above tools and post logs, or I can download others if there's something I should be using here and haven't thought to try, yet. FYI, this system is running Windows XP Home Edition.
Grateful thanks, in advance, for any assistance.