Here is more detailed info on my problems and my pc...
First of all, I had been on my pc (WinXP SP3, IE8), and then left it on while doing other things around the house. When I came back, I noticed it was slow to respond, and acting funny. Then, my McAfee (provided by AT&T, with their DSL service) asked if I wanted to allow a registry change. I said "no", and had to block these changes several times. Then I got several messages saying McAfee had blocked and removed a Trojan. Well, no, apparently not.
I saw the red circle with the "x" in the lower right corner, and a message appeared from it. I immediately recognized it as a fake error message. I minimized my browser windows, and saw that I had a bright green wallpaper, instead of the photo I used to have.
So I ran Malware Bytes and Super Anti Spy. Both found things and removed them (no problem removing anything). Suspecting this was a nasty virus, I even deleted every cookie that SAS found, rather than leaving ones from sites I visit often. While these scans were running, I did other things around the house. Once, while checking on the status of the scans, I saw that 2 browser windows had opened, and gone to sites that I never heard of (not porn, just odd sites).
After the scans were complete, and I had restarted, I opened a browser window, and looked at my history. I had visited 20-30 sites w/o my knowledge. I picked one site, and searched it. When I saw a search result that was from bleepingcomputer or symantec, I clicked on it. It took me somewhere else. I tried searching for something simple, like "dogs". It allowed me to go to the AKC site (a dog site), but only after briefly stopping at some other plane or boat site.
Also, at one point, I made the mistake of right-clicking on the "warning" window that had popped up, and selecting "close".
This caused the warning to change, and changed my wallpaper from bright green to dark blue.
So I knew I still had something wrong. I came to bleepingcomputer, and saw a link for ATF Cleaner. I downloaded ATF, saving it to my desktop. After downloading it, I ran it, restarted my pc, and everything seemed fine. I never started my pc in safe mode, by the way.
Yesterday, I got a message from my McAfee, saying it had blocked and removed a trojan, that had something to do with Adobe. Immediately after that, I got the redirect problems again, although w/o the green screen or fake security message this time.
I ran a Malware Bytes scan. It found a trojan downloader and a trojan and got rid of both. I ran SAS and ATF in safe mode. SAS found nothing but cookies, which I deleted all of. I did the SAS scan the way I saw it posted here, with just 3 things checked, and the rest unchecked. ATF freed up a bunch of space - don't know if it got rid of anything malicious. I also had done a McAfee scan, and it found and quarantined 13 trojans. After the final SAS and ATF scans, I had rebooted, and everything seemed fine, so I turned it off and went to bed.
This morning, I got the Generic Host process for Win32 message. When I ignored it, my browser locked up. When I clicked on Debug, I got the NT Authority\System shutdown message. I found that I was also getting the search redirect again, and when I tried to log into BC, it said there was no user with my user name.
Now my pc is barely working, and if I click ctrl-alt-delete, I see the task manager in my tray, but I cannot access it. The window does not pop up.
Edited by ramonv, 21 January 2010 - 11:51 AM.