Posted 04 November 2009 - 11:34 PM
Based on what I have read on this forum and Major Geeks, I believe my wife's computer may have a Rootkit infection, perhaps max ++? The effects are that anti-virus programs such as Spybot and Malwarebytes are disabled and return an error message: "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item" and Internet Explorer browser re-directs when trying to access various web sites via Google (although it hasn't hijacked the home page). I was able to run Ad-aware, but it did not find anything.
Since the installed virus scanners would not work, I used my "clean" laptop to download some rootkit scanners to a flash drive and ran them on the wife's computer. Norman scanner is updated daily and claims to find and eradicate rootkit infections, but it didn't find anything. However, there were a number of "access denied" entries in the log it generated. fseasyclean just crashed. Sophos Anti-Rootkit found 360 hidden files, but for every one of them it said "clean up not recommended for this file", so I took no action. Helios Lite wouldn't run. RegRun Reanimator identified a max ++ infection and I followed the instructions to get rid of it, but after going through the routine and reboot, the way the computer behaves did not change. If anything, it was worse. Not only were Malwarebytes and Spybot still disabled, so was Reanimator! And Google links still re-direct. So it seems that there is no simple fix to this like "download and run this utility and your problem will be solved".
For past problems, I have typically been able to apply advice given to others on forums like this one to cure them myself. But for this one, it seems that each person who has inquired has had to be led through a step-by-step series of actions to finally eliminate this infection. So I am writing to ask if you can please lead me on this journey also. I am contacting you on my own clean computer so as not to risk interference from the virus. The steps you advise I will apply to the wife's computer. She is running Windows Vista 32-bit OS. It is an HP laptop and has a partition containing HP_RECOVERY, if anything in there might be of value.
To avoid interference from virus protection software, I have removed all of them from her computer except AVG (free version). I have read the instructions on temporarily disabling AVG, and will do so when you advise.
Based on advice I have already read on this forum, Major Geeks and Spybot forum, I have downloaded the following programs to a flash drive using my clean computer and can deploy them if, when and how you advise.
Combofix.exe (fake named C2OkMuByO2FcIrXs)
GMER (fake named G2MkEuRy6b3s.exe)
I am not particularly looking forward to this expedition but I appreciate your guidance in successfully navigating it. Shall we begin?
To expedite matters, based on other posts I read, I ran Win32Diag.exe on the infected computer and generated a log. I attempted to copy and paste the log here to give you something to work with, but I got an error message saying that the post was too long. So you will have to advise how I can get the log into your hands without exceeding the post size limitation.