Posted 15 December 2009 - 04:46 PM
Hope this is the right place for my problem. Until today, I always regarded my PC as pretty secure!!!
I am using XP Home SP3 with all the latest updates; I use AVG 9 which runs a complete scan every day using the latest updates; I am using Zone Alarm 8; I am wired to a router which, I think, has is own firewall; I periodically run CCleaner, SpyBot S&D and Ad-Aware; I think Windows Defender runs in the background too.
A bit of background that may, or may not, be relevant here: my PC tends to be on 24/7 so I have not tended to reboot that often but, since AVG updated to Version 9, when I have rebooted the hard disk light stays on for about 40 - 50 minutes after I boot up. Very little CPU gets used during this time but everything becomes very, very slow. This may be coincidence and this may be a completely different problem but I thought I ought to mention it anyway.
But the real problem started today. When I use Google with Internet Explorer 8, the list of results appear as normal, but when I click on one the the results I do not get taken to the proper site. One of a number of things happens:
1. IE8 just takes forever and nothing happens; or
2. IE8 takes ages, and then takes me to something totally unconnected with the result listed; or
3. I get a message that looks like it is from my anti-virus (but may not be) saying "Accessed file infected. Filename: on-line software-scaner.net secure1/?". A long id number follows then "Threat name: Exploit Rogue spyware scanner (type 504)". [I can confirm that "scaner" (sic) is how it is spelt first time].
If I use Google in FireFox, it seems to work OK; similarly, if I use Yahoo search under IE8, that seems to be OK too - thought both are much slower than I would expect.
I have run a complete scan with AVG and, apart from the usual tracking cookies, it came up with nothing. Spybot S&D also found some tracking cookies, but nothing else. Ad-Aware seems to be "disabled" at the moment and won't run. I ran SuperAntiSpyWare which found and removed Trojan.Agent/GenNullo (Short) from one of the C:\SYSTEM VOLUME INFORMATION \_RESTORE files. And Malwarebytes AntiMalware found several references to Rogue.ErrorSmart, Trojan Dropper and Rootkit MBR - all of which it quarantined and deleted.
Any guidance on what to do next would be most welcome. Thanks.