Posted 05 February 2010 - 05:07 PM
We have a machine that is infected with PC Antispyware 2010. The machine's operating system is XP Professional and is up to date as far as I know via auto update.
I read a variety of entries here and elsewhere. I then proceeded to remove it using Malwarebytes in safe mode for networking. I installed Malwarebytes after downloading from another machine and copying the file to a jump drive. The program installed, ran and appeared to remove the malware. 10 days later PC Antispyware 2010 appears to have reinfected the machine. I'm not sure if this is a new infection or the same under a new name. My suspicion is it is the same infection. This machine is not a gaming machine and is generally only used for some Gmail, reading Google News, several newspaper and weather service sites - internet access. Not typical sites one might expect to get malware from.
Now that PC Antispyware 2010 is running, Malwarebytes will not remove the infection. I've tried a variety of ways both in and out of safe mode and in truth have been away from the issue for several days so I'm not entirely sure where we are in the process anymore. The infection has disabled internet access and at one point I got a Malwarebytes error code: 732(12007,0). I also found the program apparently disabled the XP firewall. Internet access is through Qwest (DSL) via wired DSL modem and router.
PC Antispyware 2010 does not show up as a C:\Program Files\PC Antispyware 2010 directory. It also does not show as an application running.
When I quit working on this before, if I installed Malwarebytes from a jump drive, the program appeared to run but did not find the infection. The malware does put up a variety of screens that I suspect are trying to launch the malware in other ways.
Today I read the preparation guide for before using HijackThis and other malware removal tools. I could not download DeFogger from the download link. The link appears to be broken.
I've downloaded a fresh installation file and installed Malwarebytes fresh on another computer. Scanned the jump drive for infection and found no issues. At this point I'm ready to start fresh on removing the infection from the infected computer. Any suggestions or advice would be appreciated. Thanks for your help.