I'm fixing an XP Media Center Edition SP3 computer for a family member, so I don't know the origin of the problems, but the malware is particularly nasty. The symptoms are as follows:
1. Links in Google searches are redirected to fake malware removal sites, but the cached option works fine.
2. Scanning with antivirus software works for a bit, but upon reaching some unknown file, the software will crash. After this, the main .exe of the program is corrupted and changed to a hidden system file that is unmoveable, unrenameable, and undeletable (however, corrupted .exes can be deleted using Malwarebytes File Killer and KillBox on startup). However, the main program is unchanged, and so I make extra copies of the .exe files so I can run them. Scans with HJT, Adaware, Spybot, Malwarebytes, and SUPER Antispyware (Normal and Safe) crash. Sophos anti-rootkit BSODs in safe mode, and crashes in normal. Rootrepeal runs, but terminates during the file scan, which gives a short and unhelpful report.

Actions I have already taken:
Executables couldn't open, so I fixed file associations in the registry and cleaned it up in CCleaner. The system had fake antivirus programs, which were removed using The Avenger. I Googled some of the symptoms; apparently someone also had a similar situation where antivirus software gets corrupted when scanning WINDOWS\$hg_fix$, so I nuked the whole folder using Avenger as well, but to no avail. Right now I have Spybot Resident running, which keeps some threats at bay.