Posted 21 October 2009 - 12:48 PM
I'm not sure if I should post this in the Malware section or this one, but here goes.
I'm running Windows 7 build 7200 (actually using my Ubuntu install to type this).
Yesterday Windows Defender popped up for the first time ever and told me that I had a Browser Manipulating malware called Win32/Zwangi.C on my PC and it gave me the choice to clean it up. So I pressed the clean button and it seemed to do something and then requested a reboot, so I rebooted.
However, when Windows came back up it took a very long time for the login page to show up and after login it took a very long time (~10min) for the PC to finish loading my startup software, which is composed of AVG8, Skype, Spybot: Search & Destroy, Mosey Backup Service, Xming, and Daemon Tools. Even after finishing getting things loaded the CPU was running at 100% (according to the task manager), but there was no obvious task in the process list using this much of the processor.
I began killing all the processes I knew to be unnecessary, but this didn't seem to help.
If I boot into safe mode this seems to help. The CPU is not running away.
I have tried running full scans with Spybot, SUPERAntiSpyware, and Malwarebytes Anti-Malware, but they found nothing. Also tried running ComboFix and RootRepeal, but they didn't want to run on Win 7. I also ran the MGtools and nothing.
I'm starting to think that there is just a bug in Windows Defender, which caused some horrible problem during the first reboot and now there is something wrong with the configuration.
I've also tried a Restore point from before the incident.
Has anyone else heard of something like this?