In short, my problem is this: I never had a serious virus issue before, until yesterday (so I haven't got much experience with all of this). I tried some things to get it removed and indeed, my computer seems to be functioning normally again, but how do I know for sure that it is gone?
In detail: while I was browsing suddenly some fake antivirus program called Total Security installed itself and avast! began giving me warning messages about files called "beep.sys", "null.sys" and "glaide32.sys", all in the Windows/system32/drivers folder and all infected with "Win32:RustNT [Rtk]". It suggested I reboot and do a boot scan, which I did. It found some stuff which I had removed, but when startup was complete the fake antivirus was still there. I used this guide to get rid of the program (http://www.bleepingcomputer.com/virus-removal/remove-total-security) by using Malwarebytes and indeed, the taskbar icon was gone and no more pop-ups. However, avast! kept warning me about a rootkit called "glaide32.sys", which I tried having removed but when I checked the drivers folder where it was located, it was still there. I tried scanning that one file with avast! and with Malwarebytes but neither program could remove it.
Then, and apparently this was a stupid thing to do but please excuse me, I had no idea and I won't try anything like it again, I ran Combofix; I just let it run and after it was done, it had removed the glaide32 file.
However, the "beep.sys" and "null.sys" files remain on my system. Are they bad?
Also, today I did another two Malwarebytes scans and it keeps finding two "Hijack.WindowsUpdates" items, even though it was supposedly clear yesterday. Does this mean there is still something spreading in my system?
I run Windows XP 32-bit SP3, by the way.
Thanks very much for your help!
-Aleris
Edited by Aleris, 30 August 2009 - 06:47 AM.