I thought I was fixed, but then I was redirected while doing a google search. I've had a virus that did that before, so I ran a full system scan with KAV 2010, and within seconds an alert popped up, warning me that I was infected with Rootkit.Win32.TDSS.d, and that Kaspersky would have to do a "special procedure" and then reboot. I let Kaspersky do it's thing, but oddly, a window at the bottom right corner told me that I told kaspersky to leave it untreated (I suppose that was the Rootkit's doing).
Kaspersky rebooted my computer. I don't know if this is pertinent to the problem, but for some reason, I could not use my mouse or keyboard, and it took quite a few reboots to get them to work again. When the peripherals finally decided to work, I logged in and did another Kaspersky scan. In seconds, the same alert popped up from before. I attributed this to my forgetting to disable System Restore. So I did that, then let Kaspersky do it's "special procedure" again. The computer rebooted, and the peripherals worked this time, but the Rootkit was still there.
I looked on one of the threads on Kaspersky, and it said to use TDSSKiller (A program by Kaspersky Labs). I used it last night, and it told me there were about 18 things wrong. TDSSKiller rebooted the computer, and I ran Kaspersky's scan again. The rootkit still remained.
I got frustrated at that point and went to bed. Today, I actually have a screenshot from running TDSSKiller again this morning. This time it says there's only one thing wrong... (See attached)
Some other things you should know:
1. This morning I tried to disinfect my computer by running a Kaspersky scan in Safe Mode, but the mouse and keyboard ceased to function. This only happens in Safe Boot.
2. After figuring out that my atapi.sys file has been infected, I scanned it with both Kaspersky and MalwareBytes. They both said nothing's wrong with it.
3. After being on the internet for a few minutes, Kaspersky alerts me that it denied C://WINDOWS/system32/SVCHOST.exe access to a trojan at [lenina .com / 102.exe]. This happens every few minutes.
4. I'm running the GMER program right now but it's taking a long time. I'll post it whenever it's done, but the virus makes Internet Explorer crash for no reason sometimes so I want to get this post up as soon as possible.
Edited by Orange Blossom, 07 April 2010 - 05:07 PM.
Move to AII as no logs posted. ~ OB