Posted 26 January 2010 - 11:19 AM
Well, rather than bore everyone to tears in the intro section, I just basically intro'd myself there and then jumped over here to explain my problem. I'm posting from my Mac, and I'm a PC/Mac graphics guy (retired but doing a few little jobs). So here's the story:
The PC is a usually very reliable Shuttle61, Pentium 4 machine running Windows XP Professional. I have been using it for about 3 years and have never had any virus or malware issues before. At one time I was running Comcast's (ISP) free McAfee anti-virus, but I switched back to AVG because I had heard too many people question the Comcast AV bundle. AVG and Ad-Aware were running for at least 2 years (updated/scanned regularly) and like I said... no problems until last week.
About 10 days ago a popup jumped on my screen for something like "Anti-Malware Defense" warning me that my computer was infected with a malware virus and that I should buy/use this program to fix it. I never respond to those popups, but then I noticed that I could not run Ad-Aware, AVG, or Spybot Search & Destroy. I started asking questions in a couple of forums where there are a few IT guys who suggested a myriad of things to try.
I ran CCleaner and got rid of all the excess baggage on the PC, and I also uninstalled AVG Free v.9.5 because I was trying to install Panda Cloud Antivirus.
I tried installing Malwarebytes, and at my friend's suggestion, I downloaded the installer to a flash drive and renamed it MWB4, then tried to run it. The install went along smoothly until the end... and never seemed to finish. So I suspect that my infection is preventing the PC from finishing any install that needs to go to the actual website for maybe definitions? Anyway, there's an icon on my desktop, click it and nothing at all happens.
I again tried to install Panda, and I'm still getting errors, and I thought it might be helpful to post the Panda Install error log file, or at least the one that I think is meaningful:
=== Verbose logging started: 1/26/2010 10:01:54 Build type: SHIP UNICODE 3.01.4001.5512 Calling process: C:\DOCUME~1\Mike\LOCALS~1\Temp\RarSFX2\Setup.exe ===
MSI (c) (BC:FC) 10:01:54:359: Resetting cached policy values
MSI (c) (BC:FC) 10:01:54:359: Machine policy value 'Debug' is 0
MSI (c) (BC:FC) 10:01:54:359: ******* RunEngine:
******* Product: C:\DOCUME~1\Mike\LOCALS~1\Temp\RarSFX2\PandaCloudAntivirus_x86.msi
******* CommandLine: **********
MSI (c) (BC:FC) 10:01:54:375: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (BC:FC) 10:01:54:375: Grabbed execution mutex.
MSI (c) (BC:FC) 10:01:54:375: Failed to connect to server. Error: 0x8007043C
MSI (c) (BC:FC) 10:01:54:390: Failed to connect to server.
MSI (c) (BC:FC) 10:01:54:390: MainEngineThread is returning 1601
=== Verbose logging stopped: 1/26/2010 10:01:54 ===
What caught _my_ untrained eye was the fact that something is failing to connect to the server. I assume that this is the malware that is precluding the complete install. Panda Cloud seems to install and extract all the files, asks me what language, and to accept the install location on my C:\ drive... and then when I say yes... I get the error.
Another symptom of this malware is that I _occasionally_ seem to get audio clips playing on my PC which almost sound like they are from movies or TV shows... or maybe commercials? They play for maybe 10 seconds and then go away. That seems to happen when I boot normally and not in safe mode.
My friend Keith is in Florida, I'm in Western Mass. He suggested ComboFix as a "last resort" which is a little scary. LOL So... before I jump and try that, I thought I'd post the problem and give all the anti-virus geniuses here some background (trying to actually follow the posted guidelines) because I seriously want to get my PC protected again as I'm not running any anti-virus at all right now (15 hours at this writing). I have it running in safe mode and if that's good or no good... please tell me. I'm not sure if it is, but I thought it would make more sense to uninstall/install in safe mode.
Thanks in advance for any/all help.
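Decoding the two numeric results in the install log quoted above, as an added example that is not part of the original post: it splits the HRESULT into its fields and names the Win32 codes it finds. The function names and the small lookup table are assumptions made for illustration, and the sample lines are constructed from the quoted log.

```python
import re

# Win32 error codes relevant to this log (values from winerror.h).
WIN32_NAMES = {
    1084: "ERROR_NOT_SAFEBOOT_SERVICE (service cannot be started in Safe Mode)",
    1601: "ERROR_INSTALL_SERVICE_FAILURE (Windows Installer service could not be accessed)",
}
FACILITY_WIN32 = 7  # HRESULTs of the form 0x8007xxxx wrap a Win32 error code

# Constructed sample: the failing lines from the log quoted in the post.
SAMPLE_LOG = """\
MSI (c) (BC:FC) 10:01:54:375: Grabbed execution mutex.
MSI (c) (BC:FC) 10:01:54:375: Failed to connect to server. Error: 0x8007043C
MSI (c) (BC:FC) 10:01:54:390: Failed to connect to server.
MSI (c) (BC:FC) 10:01:54:390: MainEngineThread is returning 1601
"""

HRESULT_RE = re.compile(r"Error: (0x[0-9A-Fa-f]{8})")
RETURN_RE = re.compile(r"MainEngineThread is returning (\d+)")

def decode_hresult(value):
    """Split a 32-bit HRESULT into (failed, facility, code)."""
    failed = bool(value >> 31)          # bit 31: severity
    facility = (value >> 16) & 0x7FF    # bits 16-26: facility
    code = value & 0xFFFF               # bits 0-15: error code
    return failed, facility, code

def describe(code):
    return WIN32_NAMES.get(code, "Win32 error %d (not in this table)" % code)

def triage(log_text):
    """Return (line_no, Win32 code, description) for each failure in the log."""
    findings = []
    for no, line in enumerate(log_text.splitlines(), 1):
        m = HRESULT_RE.search(line)
        if m:
            failed, facility, code = decode_hresult(int(m.group(1), 16))
            if failed and facility == FACILITY_WIN32:
                findings.append((no, code, describe(code)))
        m = RETURN_RE.search(line)
        if m and int(m.group(1)) != 0:  # 0 would mean the engine succeeded
            code = int(m.group(1))
            findings.append((no, code, describe(code)))
    return findings

if __name__ == "__main__":
    for no, code, text in triage(SAMPLE_LOG):
        print("line %d: %d -> %s" % (no, code, text))
```

Code 1084 indicates that the service the installer tried to reach is not permitted to start in Safe Mode, which is consistent with the install being run from Safe Mode as described in the post.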