Posted 24 January 2010 - 03:40 PM
My husband has been using an anti-malware program called VIPRE that he's been happy with. Hubby is a TOTAL non-techie type; his idea of "tech support" is to ask me for help, and I know very little more than he does. Luckily, about a month ago I triumphed in a six-week-long battle against Virtumonde on my own computer (with a LOT of help from bleepingcomputer!!), so I at least know A LITTLE.
A few days ago, hubby's 2006 XP began to slow down dramatically. He ran a full scan with VIPRE, which pronounced him clean of malware. Yesterday his computer began denying him access to the Internet, even though ipconfig said he was so too connected. Up until yesterday afternoon, every time he booted or rebooted, he was notified that Windows couldn't find two malware files -- dimisawo.dll (sp?) and logon.exe.
I probably acted in the wrong order, but I trusted Jerry's report that VIPRE had said all was well. I obtained and used Uniblue's Registry Guard. Then, just to be scrupulous, I obtained Malwarebytes and ran a full scan. MWAM announced that it had found more than 200 malware files, including roughly 60 Virtumondes.
MWAM said it had to reboot to complete the cleansing, so I said "Fine." On rebooting, I was notified about 20 times that "putevama.dll is not a Windows image" -- since when is ANY library an image? I did an Internet search and discovered it's a "system file" associated with Virtumonde. Argh!
Well, it was late and I was tired. I decided to continue the battle today. Overnight, I thought it would be a good idea to start Jerry's computer in Safe Mode and run MWAM again there, before I obtained SuperAntiSpyware and ran IT.
Jerry's computer refuses to start in Safe Mode. It will only allow me Last Known Good Configuration.
OTOH, there is no evidence of putevama.dll today. When I go back to Jerry's computer, I plan to first use Task Manager to make sure it's not running, and then search for and manually destroy every copy I find.
Earlier today, I ran MWAM a second time. Today, it found and cleaned off one Trojan Horse. When it told me it needed to reboot, I did so. The good news is that there's STILL no evidence of putevama.dll. The bad news is, the computer still refuses to reboot into Safe Mode.
After that, I obtained SAS and ATF-Cleaner.exe. As I type, SAS is running and has found about 100 malwares that MWAM missed (so far).
I'm writing to ask, how frightened should I be that J's computer refuses to boot into Safe Mode? What, if anything, should I do? Now that most of the malware is gone it SEEMS to be working just fine, but my intuition is that if it refuses to go into Safe Mode, it's NOT just fine.