I got infected about 10 days ago.
I have followed numerous threads on here and other places to try and find a solution, to no avail.
I have a Dell Latitude D630 running XP SP2
I have run AVG, which detected initial infections, then got infected itself and stopped detecting. (I have a log.)
I have run Ad-Aware and found infections but couldn't remove them.
Ran GMER - found "MODULE (noname)(***hidden***)"
Have run Dr Web Cure.IT
Ran GMER - I have a log below - one thing it found was:
Ran ComboFix and have the log if you need it.
My machine now flashes up a warning message on startup that the drive may contain an infection.
I am stuck and really don't know what to do - I know it is creating lots of files.
I am on my spare machine (Mac) for this so I can follow responses. I have physically disconnected my infected machine from the net.
I also have a desktop which has the same issue and is disconnected - will post a separate thread for this if the same cure doesn't solve it.
Thanks in advance for the help guys - this seems to be the best place to get this fixed from what I have seen.
GMER log from 30 Nov 09
GMER 18.104.22.16852 - http://www.gmer.net
Rootkit scan 2009-11-30 21:50:08
Windows 5.1.2600 Service Pack 2
Running: humbug.exe; Driver: C:\DOCUME~1\Howard\LOCALS~1\Temp\uwtyipow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- EOF - GMER 1.0.15 ----
Edited by madasalorry, 30 November 2009 - 05:00 PM.