Starting a couple of days ago, my browser probably downloaded something that is now causing all this trouble.
The PC is getting really slow and sometimes freezes; the browser prevents me from browsing some sites and redirects me to odd addresses, and sometimes it freezes so the PC needs to be restarted, sometimes more than once because the system cannot fully load properly.
Before this infection I had already installed MBAM, so I decided to give the PC a scan. After MBAM started uploading the definition updates, MBAM threw an error and quit by itself. I started MBAM again and started scanning without updating first, but as soon as the scan started it shut itself down again. I tried more than once, but every time I try to scan, or after 5 or 6 seconds, MBAM shuts itself down. I also tried in safe mode, but MBAM is still shutting down. Probably the malware is keeping MBAM from starting (I also tried the trick of renaming mbam.exe, with no luck), so I updated and ran SuperAntiSpyware, which is not getting shut down like MBAM, and apparently it detected and quarantined a trojan, "Trojan.Agent/Gen". I restarted the PC and scanned again with SuperAntiSpyware; this time it didn't find anything, but the PC has the same problems as before, MBAM is still not working and the browser is still hijacked.
I tried scanning with RootKit Revealer, but the malware is also preventing it from starting, even in safe mode. I tried RootRepeal, which started; I did a File scan and it shows the status of my volume C: as "MBR Rootkit Detected!". So I rebooted from the Windows CD and ran the Emergency Console (because I have installed the emergency console, but it is not working). Then in the Windows emergency console I ran fixmbr and rebooted. I checked again with RootRepeal, but it is still showing the status of my volume C: as "MBR Rootkit Detected!".
I have to post this request from another PC, since the malware is preventing me from going to this address as well as others, and it redirects me instead to odd addresses like "www.allgive.com" and then the browser freezes. It also prevents me from going to the McAfee website (this time it shows a 501 error). I was able to go to the Trend Micro website and download HouseCall, which I was able to run in safe mode (it does not start in normal mode). I updated and ran HouseCall, which detected a virus, "TSPY_KATES.SMOD", and apparently it fixed it.
But after scanning again with HouseCall the same virus was detected again, so I don't think that it was able to clean this infection.
I have exhausted all my tricks and tried everything I can, with no result other than getting frustrated.
Please, I really need someone with more expertise than me to help me fix this problem.
Thank you, I really appreciate your work and the time you are spending to help those who are in my same situation.
Edited by capsads, 27 November 2009 - 10:57 AM.