Posted 31 October 2009 - 03:05 PM
I'm having difficulty figuring out this persistent malware. I think it's likely that there are multiple issues.
I'm running Windows Vista.
The malware started off with "google redirect" symptoms and disabled my Symantec software.
Shortly after, I could no longer access the web. However, the malware itself would create an Internet Explorer popup every 5-10 minutes (not my default browser) that would go to "search sites" (none that I recognized...) and search for lewd topics. Running the task manager would show multiple instances of iexplore.exe running on my machine (one for each popup). The popups would have to be eliminated one by one using the task manager.
Trying to run a system restore, I discovered all restore points had been deleted.
I installed AVG antivirus and got it to run once, which seemed to help the problem. However, upon restart, all issues were back and I could no longer run AVG. Windows Defender constantly pops up that a new trojan is attacking my machine.
At this point, I unplugged my internet connection and started using another machine. I had left my problematic computer alone for about a month.
Upon turning it on last night, each time I logged on, it gave me a warning that "Windows had encountered a critical error and will restart in one minute" and would restart. I tried running cmd (in that one minute) to intercept it, but the task manager would freeze if I tried to run it from there, and Explorer would freeze if I tried to run it from there. I also discovered my Guest account is not working.
I restarted in Safe Mode and ran msconfig and disabled all non-Microsoft services. Upon restarting my computer, I found I could successfully log on (although Guest account is still not working).
At this point I figured I ought to post a HijackThis log to a forum.
My computer would not let me install using HJTinstall.exe, so I renamed it to HJTinstall.scr. After installation, HijackThis ran for about 1 second and closed abruptly. My machine will not run HijackThis, nor will it let me rename it. If I try to run it, it says that it cannot access the file, device or path and perhaps I don't have permission, and if I try to rename it, it says that I need permission to do so and asks if I'd like to try again. Right-clicking does absolutely nothing. This is all the same in Safe Mode, although right-clicking in Safe Mode will at least bring up the options.
I'm out of ideas. Any help would be greatly appreciated.