Posted 12 December 2009 - 05:52 AM
Update: Computer crashed hard this afternoon, but I have recovered a bit of functionality. I was using the command prompt to check what connections were being made to my computer and had just begun a tracert on an IP address that had no business being connected to me. Suddenly I received several error messages informing me that winupdate86.exe, winlogon, and Windows Explorer had all experienced errors and needed to be closed. A second later, Windows System Defender (the hoax application) started opening repeatedly, about 9 times, at which point the computer simply rebooted. I tried to boot into safe mode, but each time the computer only restarted. I finally discovered that if I ignored the errors that pop up upon logging in (simply drag them off the screen) I can operate somewhat normally, though all my desktop icons are missing, Task Manager is disabled and I cannot open the Control Panel; instead I receive the error "Windows cannot find "(null)". Make sure it is spelled correctly...", etc. Fortunately I usually have "expand Control Panel" enabled in my taskbar settings, so I can still access most of the Control Panel functions. Network Settings returns the same error message previously stated. I opened regedit and re-enabled the Task Manager by changing HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr to 0 from 1. I checked the Task Manager and found a.exe running again; I am fairly certain this is a virus file. Most of my quick access icons have been changed, but the shortcuts are intact.
The IP addresses that I believe have no business being connected to me are located in Arizona, Los Angeles CA, and Prague, Czech Republic. I have contacted my ISP and they are going to compile a log of all activity related to my MAC and IP addresses going back to November 5. This is the last date my antivirus software updated on. I normally have the software update automatically every 24 hours, but it was disabled on the 6th and I did not notice for several weeks. Since then, I have been combating things like hoax software and viruses by running Malwarebytes repeatedly. It generally removed everything except the Trojan.Banker. When I could not remove that and my Google searches started being redirected, I came here.
Hopefully all this helps. Now I have a few more questions before I continue.
1. RootRepeal does not give me a series of checkboxes, but has a separate tab for each box boopme listed. Should I run a scan on each tab and post each of those logs?
2. I have had three separate techs post replies to my topic. Is that the standard protocol now? Last time I came here, one person helped me through the whole process. Should I do what all of you say, or is one person going to take over, or are all three handles the same person? Please let me know before giving me more instructions. I am very capable and comfortable doing deep magick on my computer but I need to know who I am supposed to listen to.
3. As far as personal data and financial information go, I do banking and buying/selling online (eBay, Amazon, etc.), but I never save sensitive personal or financial data like credit card or PIN numbers on my hard drive. I recently (2 days ago) cleared all of my browsing data in Google Chrome. My ISP told me that if my financial data gets involved, they need to report it to the FBI, who will also get involved in the case. What level of compromise am I at, and who do I need to inform of what?
Thanks for continuing to help.
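The two checks the poster did by hand above, re-enabling Task Manager through the DisableTaskMgr policy value and looking for unfamiliar remote connections from the command prompt, can be done from one PowerShell script. This is an added example, not code from the poster or from the forum's helpers; it assumes a Windows version with the `Get-NetTCPConnection` cmdlet (Windows 8 / Server 2012 or later), and the registry path is the one the poster quoted.

```powershell
# Added example (not from the original post). Reads and resets the user-level
# Task Manager policy the poster edited in regedit, then lists established TCP
# connections with their owning process so an unfamiliar remote IP can be tied
# to the program that opened it. Assumes Windows 8 / Server 2012 or later
# (Get-NetTCPConnection); run as the affected user.

$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-TaskMgrPolicy {
    # Returns 1 if Task Manager is disabled by this policy value, 0 if it is
    # explicitly enabled, and $null if the value or key is absent (no restriction).
    if (-not (Test-Path $policyKey)) { return $null }
    $props = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    if ($null -eq $props.DisableTaskMgr) { return $null }
    return [int]$props.DisableTaskMgr
}

function Enable-TaskMgr {
    # Sets DisableTaskMgr to 0, the same edit the poster made by hand. Malware
    # that set it once can set it again, so re-check this after every reboot.
    if (Test-Path $policyKey) {
        Set-ItemProperty -Path $policyKey -Name DisableTaskMgr -Value 0 -Type DWord
    }
}

function Get-EstablishedRemoteConnections {
    # Established TCP connections to non-loopback addresses, each joined to the
    # owning process name and executable path via the connection's PID.
    $localAddrs = @('127.0.0.1', '::1', '0.0.0.0', '::')
    Get-NetTCPConnection -State Established |
        Where-Object { $localAddrs -notcontains $_.RemoteAddress } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                RemoteAddress = $_.RemoteAddress
                RemotePort    = $_.RemotePort
                PID           = $_.OwningProcess
                Process       = if ($proc) { $proc.ProcessName } else { '?' }
                Path          = if ($proc -and $proc.Path) { $proc.Path } else { '?' }
            }
        }
}

"DisableTaskMgr before: $(Get-TaskMgrPolicy)"
Enable-TaskMgr
"DisableTaskMgr after:  $(Get-TaskMgrPolicy)"
Get-EstablishedRemoteConnections | Sort-Object RemoteAddress | Format-Table -AutoSize
```

The Path column is the useful part: a connection owned by a process running from a user-writable directory (a temp folder, the profile root) rather than from the Windows or Program Files trees is what to look at first, and the PID lets you cross-check against Task Manager once it is re-enabled. Note that re-enabling Task Manager only removes the restriction; it does nothing about whatever keeps re-applying it, so the check is a diagnostic, not a cleanup.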