This is my first post here at this site. Thanks for any guidance you may be willing to provide in advance.
On Tuesday morning, I got popups stating my computer was infected. The Program was MalwareDefense. Before the blink of an eye, most of my anti-virus programs would not run, update, or re-install.
This included: Malwarebytes, Spybot, all McAfee Security Center applications, SuperAntiSpyware, and Spyware Doctor.
SE-Adware and SpywareBlaster did run, but only SpywareBlaster would update.
I ran SE-Adware with outdated signature files, and it removed three infections (not sure which ones?).
(Also, Firefox would be redirected to AskBar; I get warnings about being redirected; and IE would auto close after a minute or so.)
With indirect methods (renaming .exe files), I was able to get SuperAntiSpyware and Malwarebytes to install/run, but with outdated sig. files (couldn't update).
SuperAntiSpyware detected: Rogue.SmartProtector
I fixed it, restarted, and ran again: it reappeared. Ran and fixed it again.
Malwarebytes v1.42: clean
On Thursday, Malwarebytes released v1.43. I ran it and it detected: Trojan.FakeAlert (3-instances); Trojan.DNSChanger; Rootkit.TDSS.
I fixed these items, and I noticed the McAfee symbol reappeared. I then was able to run the McAfee virus scan but with outdated sig. files. It detected: NTOSKRNL - HOOK. I chose to remove it.
I checked Spybot, Malwarebytes, and SuperAntiSpyware and they now all opened. Apparently, the Malwarebytes unblocked the malware which was disabling the anti-virus programs.
The previous scans were done in SAFE MODE. I logged back in NORMAL mode.
I then was extremely overjoyed that I was able to run and update all the antivirus programs.
I updated all of them and ran scans. Here is what was detected with UPDATED files:
McAfee: NTOSKRNL - HOOK
Malwarebytes v1.43: Trojan.FakeAlert (2-instances); Malware.Packer; Rootkit.TDSS (3-instances).
I checked to fix all items. The next round of scans:
Malwarebytes: Trojan.FakeAlert and Rootkit.TDSS
I have since re-updated, and ran all the programs in both SAFE/NORMAL modes, and all of them come back clean.
I also ran SpywareDoctor in Normal mode, and it came back clean.
I did have an episode today, in which the screen turned blue, and then after several minutes, something about WMI being terminated, and the system needs to shut down. Somewhere in the notice, it stated something about viruses.
This is where I am at now. All the programs state I am clean, but I don't believe it. If someone could tell me how to check and make sure I am clean, it would be greatly appreciated.
Hopefully, I got the protocol correct and help is on the way.
Edited by windex, 02 January 2010 - 04:43 PM.