Posted 11 September 2009 - 12:36 PM
First things first:
-Windows XP Pro SP3
-AMD Phenom 9850 Black Edition
-ATi 4870 512MB
-WD 640GB - Partitions: C (system, 47GB, 13GB free), E (549GB, 272GB free)
-Hitachi 1TB - Partitions: D (931GB, 445GB free)
-Firewall: Online Armor Free
-Antivirus: Avira Personal Free
Experimental runing in addition:
Now, to the problems at hand:
I restarted my computer after 3 busy days, when SpyBot SD started before windows to scan... When it finnished, it found multiple instances of:
hjgruic...blabla.tmp - one in Windows\Temp
hjgruic...blabla.sys - one in Windows\System32\drivers
multiple instances of hjgruic...blabla.dll - in Windows\System32
It cleaned them, windows started normaly, when Online Armor reported each of these files trying to run with the process Explorer.EXE which is in C:\Windows. I blocked them, some number of cmd black screens appeared, but immidiately disappeared after the Firewall blocked them (or at least i think it did). I ran scans with Avira, which found one and said it quarantined it.. I ran SpyBot SD again, which found AGAIN all those from the start and cleaned them (yeah, right...) and then i ran A-Squared...
Now, it found a bunch of files, amongst them Explorer.EXE which said to be infected with Trojan.Win32.Alureon!IK. When it quarantined them, all, explorer.exe turned off.. I tried to run it from CTRL+ALT+DELETE, but it couldnt find the file! So i restored only that from quarantine and this is as far as i can go on my own.... Now, everything is running normally (or at least i think it is), but if you get any ideas, I would appreciate it.....
Thanks in advance and sorry for any spell errors, English is not my native language...