Posted 02 September 2009 - 10:53 AM
I am new to this so please let me know if I left any info out.
I have a computer that has been infected with some sort of AntiSpy Protector 2009 variant. Here are the symptoms:
Computer startup is extremely slow. One the desktop loads, none of the start up applications will launch.
When trying to open anything that relies on an "EXE" to run a command box opens (flashes) then closes and the ensuing program does not run. This does not seem to effect any document or other type of file that is not "EXE" driven.
I have noticed that one clicking on an application such as MalwareBytes, the command box that opens redirects the path from "C:\program files\ malwarebyte's anti-malware" to "C:\program files\desote.exe"
After several clicks and some speed reading it appears this is happening to all applications that I try to launch, not just security apps. I am unable to run anything from Antivirus clients to solitaire. I cannot open msconfig, regedit, and the list goes on.
Any and all research that I have done, says to delete the desote.exe file and any variant of it from the C::\ windows\ system32 folder.
Not being a total nube I renamed the two files that I found to desote.old and ddesot.old. Once doing this windows no longer can associate an EXE file. It opens the file association window and asks which application would you like to use to run the program.
This being the case, I named the files back to the original, and tried only renaming one at a time. The same results are experienced each time.
Again I apoligize if I this topic has been discussed somewhere else, but any help or points in the right direction would be appreciated.