A friend's HP desktop had been infected with various viruses and trojans. OS is XP Pro and the system is set up with RAID 1 - not sure if it is a hardware or software RAID.
The machine was using Trend Micro which appears to have been targeted since after the infection it was not fully enabled.
The client bought Pareto Logic Anti-Virus PLUS and it removed many infections. I apologize for not having the names of the virus/trojans.
I installed Malwarebytes after downloading it under a different filename, installing it and changing the name of the exe file.
More infections were removed - no details.
After running Malwarebytes it was hard to boot the machine. Windows would get to the splash screen, then momentarily I would see a BSOD and be returned to the boot options screen. Finally the machine would boot by selecting Last Known Good Configuration. This sometimes took several goes.
Machine would not boot into safe mode.
Furthermore, running Malwarebytes again causes the machine to crash (BSOD) after a couple of seconds.
At this point the client continued to use the machine, then reported virus warnings in IE pages and the program Personal Security suggesting a program to fix the problem. In Firefox I noticed that Google search links were redirected to heavy.com and not the link target.
I tried installing Microsoft Security Essentials which cleared out Personal Security and seemed to fix the heavy.com redirect.
In Firefox and IE, Google Search links now go to the target URL but are redirected via triplexfeed.com. Apparently this is due to the presence of a rootkit.
As well, the booting problem still exists. Sometimes it boots straight up, sometimes it returns to the options screen and needs to be started with Last Known Good Configuration, and Safe Mode boot won't work. Running Malwarebytes still crashes the machine. At this point I am at a loss as to how to proceed further.
DDS won't run on this machine as it has AutoCAD installed. dds.scr is recognized as an AutoCAD script. When it runs it generates a Notepad file with gibberish.
In the absence of the dds output I have a HijackThis log and a RootRepeal report available to be posted or attached on request. I would appreciate any advice to correct this problem.
In another forum post I asked if restoring the machine to an earlier clean restore point would be effective. The answer was that it may work. If necessary I can go back to an earlier restore point, but I would prefer to know that all infections have been removed first.
Edited by Orange Blossom, 17 February 2010 - 07:43 PM.
Move to AII. ~ OB