He has McAfee installed - however I just found out that it has not been updated in many months, and obviously we cannot do so now. I do not have his laptop online, I'm working from mine and using thumbdrives to move things back and forth.
Habit of the intruder: System loads normally to desktop, though very slow. Eventually on the taskbar an icon will appear that is the same shape as the Windows shield, however it is green. The label that appears upon hover is Antivirus Soft.
Soon a window will appear titled "Windows Security Center." It's the standard Windows options about firewall, automatic updates, etc. I either close it or ignore it.
I tried to follow your directions, by first running the defogger.exe file to disable cd emulators (I have no idea if he has any or not), however I got that same message of it being infected so I could not run it.
I was able to run Hijack This earlier, and can send that logfile if it is of any use.
Thanks for your help.
This system is running XP Professional, Service Pack 3. It is a Dell Latitude, D620, 1.66Hz, 1 Gb of RAM.
I am able to go into Safe Mode and run programs. I was able to run defogger successfully. However I was not able to run the dds - it seemed to run but never did pop up any of the windows as described in your article.
In normal mode, if I let the system just sit for a while, it will open IE attempting to go online to web pages such as adult.com. After a while it will open another tab and attempt to access another similar web site.
I am a retired software consultant - malware was one of my specialties. Normally my last resort would have been Hijack This, but this time it found nothing of interest, so I am quite stumped.
More info... the following site appears to match my situation:
However, when I try to run the first program they recommend, Process Explorer, and then rename it as they suggest to explorer.exe, it will not work. I get the usual message of the file being infected, but then I also get a message stating that "The specified path does not exist. Check the path, and then try again." It does this whether I run it from the desktop or from my flash drive.
Edited by Urnsbay, 27 February 2010 - 02:12 PM.
Move to AII. ~ OB