Posted 25 July 2009 - 08:37 PM
this is my first post here and I hope you guys can help me figure out what virus/malware I have and how to get rid of it.
Yesterday I wanted to download a keygen for a friend and I think that was most likely the source of this problem - "Microsoft Office 2007 Keygen ed500"
After downloading the file and starting it I'm consistantly getting redirected to advertisment pages, popups show up on every website, pc gets very slow as most of the performance is used for the malware processes and sometimes I even get audio ads out of nowhere!
The task manager shows a .tmp process the last was called D468.tmp but whenever I restart the pc it's another name. It is possible to end the process and when you go to show the location of the process it's shown to be in the Temporary internet files folder - once the process ist stopped I can delete the files (.tmp & .dat & .exe files) in a folder named "low". The redirects and popups still continue even after deleting the files.
After restarting the system and internet explorer the files in the Temp folder are created again and the Process exists again just with another name.
I took a look at the startup menu in msconfig and found a process called "monopod" from an unknown manufacturer and located in the same folder - User/AppData/Local/Temp/Low/b.exe ... I disabled it, deleted the folder & files, restarted and the files were again created (the monopod process was still disabled).
The notebook runs on Windows Vista, has AVG Free Antivirus installed and updated (scans don't find anything) and Internet Explorer is used to go online.
I don't really know what virus this could be, where to find it and how to get rid of it - I would be very thankful for your advice!!
Thx in advance!