Posted 03 January 2010 - 01:02 PM
I did not find these forums prior to trying to work through this already, maybe the name just threw me off or I was searching for too limited descriptions, but who knows. Let me outline what's up and see what the thoughts are.
December 1, got nailed with the 'Advanced Virus Remover Tool' malware, while browsing a site I have done in the past 100's of times w/o issue. Somehow it got past a hardware firewall, Windows Firewall, and Trend antivirus. It produced the typical screen - your computer is infected, download our tool to fix. I just ignored it, shut the system down and rebooted. Apparently I was hit w/ multiple payloads, as it disabled almost everything you would use to find it: Task Manager, regedit, Windows Update, etc. (found a log file with the same timestamp, saying policy changes were initiated). Following a search on it, it was not too hard to find its .exe's and delete them. But this still left all the other problems, including the desktop flipping to a different setting on startup. Trend provided a tool not normally available that took out most of the junk, and after it and 4 repair-installs of WinXP Pro, some things work, some do not.
Windows Update keeps getting disabled. Trend keeps finding copies of 'yinejape.dll' and 'tayudemi.dll' as trojan av, and deleting them, but they come back. The startup tab of msconfig shows 2 rundll32's w/ the parameter of yinejape, and even when you un-check them and hit apply, close, they are right back with a check mark on or before the next boot. Windows IE7 will not load, no errors displayed, just fails to load. I cannot install anything, and cannot get another browser loaded, nor anything like Malwarebytes. I have it off the network, and can only copy to it via thumb drive or CD. I copied dds.scr over, but it will not run, probably because IE7 won't load. It has no 'open with..' capability, and unfortunately opens as a code file in a programming code editor that likes .scr files. If a suggested tool will copy over this way and run, I can work with it.
I know this may be hoping for a hail-mary, so if it sounds like a basket case, I'll bite the bitter pill of defeat and try to rebuild the drive. I won't lose too much in the way of data or apps, just the time to scare up things, reconfigure and reload. You just hate to do that. I realize everyone is overworked trying to help after these criminals invade our systems, and then some non-expert tries their hand at going it alone and runs into trouble.