When it first popped up, it displayed a message with a Windows Firewall icon. It seemed suspicious and I didn't click on it because I thought it might be a rogue anti-virus. I tried to kill it with Task Manager (I forget if it worked or not), but after that I just pressed the off button on my laptop. After I rebooted, I tried to log in but I couldn't get in. I waited at least 5 minutes for my desktop to load but nothing appeared, so I booted into safe-mode. I went into safe-mode and ran Superantispyware (I had to change the name because it was blocked at first), and it found 5 infections. I removed them, and booted back into regular mode. It seemed fine at first, but when I went onto Google (I use Firefox btw) it started redirecting me to all these random rogue anti-virus sites (the few that I remember include 'stop-sign antivirus' and some website called ave99.com). I was also denied access to many sites including bleepingcomputer and yahoo answers. I booted into safe-mode and ran Malwarebytes (again, I had to rename the file) and it found 1 file, but that didn't do the trick either.
Oh, and one more strange thing I found out... when I booted into safe-mode, there was a process called iexpore.exe loading every minute. Even if I ended it, it would load up again the next minute. I'm guessing it's the rogue anti-virus trying to make a pop-up or some advertisement? But the strange thing is, when I disabled explorer.exe, iexplore.exe wasn't able to load anymore. I don't know if this has anything to do with the problem, but my dad was saying maybe my explorer.exe is infected.
I already scanned with Avast, Superantispyware, and Malwarebytes. They all found stuff, but the problem is still there.
Google search results redirect to random sites (usually rogue anti-virus sites... [stop-sign antivirus, ave99])
"Iexplore.exe" loads every minute regardless of what I do, but once explorer.exe was disabled, Iexplore.exe wasn't able to load anymore. (all this was done in safe-mode btw)
The virus blocks certain websites and certain programs.
I've only encountered the popups 1 time, but Google is still redirecting me to other sites, and I still have restricted access to some sites and programs.
I really need to get rid of this as soon as possible. Thank you very much in advance for your help.
P.S. I have HJT and other programs, but it would be very very difficult to get the logs to you because BC is blocked. Perhaps I can send the logs to you through email?
EDIT: This morning my dad did another scan and he said it found a rootkit. But the problems are still there? Isn't a rootkit pretty serious?
EDIT2: Oh, and I just remembered, I think it's also disabling the real-time scanner by Avast. Every time I check on it, it says disabled, and when I turn it back on, it will be disabled a few minutes later.
Edited by justinlaughlin898, 03 February 2010 - 02:21 PM.