Posted 14 September 2009 - 12:22 PM
Hello and thanks so much for all you do... Will try to summarize current problem...
I'm an IT VB.Net and SQL Server developer so of course I work on family / friends / neighbors' computers because of course we know all this stuff :-(
Anyway... Computer is a Dell laptop running Win XP Home with SP 2 and McAfee... It appears that some kind of software called RebateInformer was downloaded - looks highly suspicious when you see things like "Get 1,000s of Rebates" in help copy... Using BleepingComputer info, successfully took the first steps to removing Windows Police Pro and Advanced AntiVirus which both appear to have originated very shortly after the RebateInformer install. Will have a serious chat with neighbor since I just got rid of Anti Virus 2009 on this same machine a month ago (using SuperSpyware, Malware Bytes, SDFix instructions from Bleeping Computer posts).
Current issue is that while it appears most of it has been removed, there are still registry entries for an AntipyProex service which I can't seem to remove (access denied) from the registry (although I did get rid of the executables the registry pointed to: svchasts and desote.exe).
I still think there is something going on... I don't know how to remove the AntipyProex Windows service, I note that I cannot boot to safe mode without a blue screen, chkdsk comes back with cannot get direct access to volume, defrag won't work... and if you kick off a McAfee scan that also forces a BSOD...
Would you take a shot at helping me finish this cleanup? If so then how should we proceed?
I've run Malware Bytes and gotten clean results but these other issues still point to a rootkit out there...