Posted 16 April 2010 - 02:53 AM
I cleaned my PC eventually yesterday, a case of trial and error really.
GMER was reporting iastor.sys had a suspicious modification, but everything I tried to get a clean version of it on (Avenger, etc.) didn't work.
I ended up switching my BIOS settings to use SATA-IDE mode rather than SATA-AHCI so that the system wasn't using iastor.sys. I then booted off an Ubuntu CD and wiped every occurrence of iastor.sys.
When I next rebooted into Windows, the redirect/update block was still there and had transferred to atapi.sys. This now did seem to get detected by TDSSKiller from Kaspersky, which said it would be cleaned on reboot, but it wasn't. Back into Ubuntu, I removed all occurrences of atapi.sys and copied a clean one from a different PC. This seemed to get rid of the virus, but the PC would only stay up for a minute without blue screening.
So I finally switched the motherboard back to AHCI mode and reinstalled Intel Matrix Storage Manager to get iastor.sys back on. Fingers crossed, it's all working fine now, no redirects and Windows Update is working again.