Over the last 48 hours I've been locked in a heated battle. My poor computer has been the battleground. I'm running XP SP3, and it's been ugly. I will try to remember things as they happened, but I know there are gaps, and much I imagine has been blocked out in my brain from general trauma.
The first I can remember anything happening, I had been on some site and moused over an ad, causing a pop-up. I thought to myself, "Well, that was weird and annoying..." My computer started acting a little bit constipated and running slowly. A day or so ago, my internet searches started getting hijacked. It would randomly pop up a new tab for some advertisement site, which I would then close - and then I would click on a link to wherever (and later noticed especially when I tried to access sites about spyware/malware/antivirus) and it would redirect to another random site.
AVG wasn't picking up anything. Suddenly, Adaware wasn't running correctly either... I couldn't connect to update to the newest definitions. A good friend of mine, who I know to be very savvy about internet security and trust implicitly, basically told me "AVG sucks, get Microsoft Security Essentials instead and run a scan with that." The initial scan came up with 4 infections:
for trying to fix the Google redirect issue. Things were okay at first, obtaining DNS options were normal, etc. Once I opened the hosts file though, I saw that there were a ton of new IP addresses added! I deleted everything except the localhost, as instructed. TDSSKiller found a number of infections and rootkits, which it claimed to kill. (Now I wish I'd written down what they were!) Then I ran ComboFix (which I now read I shouldn't have... but I figured I'd fess up for the sake of transparency and getting my computer well again!) Things seemed fine when I went to sleep.
I woke up this morning with a veritable flood of alerts from a program, XP Antivirus, that my computer apparently has more viruses than, well, never mind - but a lot. I didn't recognize that program, and it was also telling me that my firewall was down, etc. At the same time, MSE was clearing out a bajillion instances of:
Which it prompted me to disinfect and remove. Trusting MSE and knowing it was legit, I did so. Judging by the entry on the Microsoft security encyclopedia, it seemed the most likely culprit for my problems. I went to update MSE before doing another scan, and suddenly it couldn't connect to update either. But, I was still getting redirects! My friend used remote desktop while I was at work to try and fix whatever might be causing the problem. He texted me to say he thought maybe he'd fixed it, but wasn't sure.
When I got home from work, I had another flood of infection spam. Then I found out that this XP Antivirus program was *also* malware and totally fake, and was also capable of blocking things like that. I followed the guide on your site: http://www.bleepingcomputer.com/virus-remo...virus-2008-2009
Again, once it was done, things seemed fine. I was going to do a little dance. Went out to hang out with some friends, came home and was *still* getting redirects. Ran TDSSKiller again and it reported atapi.sys as being infected - it's supposed to fix it on reboot, but does not appear to have done so. Then, my computer pops up with XP AntiMalware 2010 spam (now it's a different version of the same thing!) I went through your guide again to remove it, but I'm still having redirect problems, and I'm afraid to do anything else to my poor computer without someone basically holding my hand.
I don't know if these things are inter-related problems, or if somehow my computer has become Typhoid Dave and just needs to be put down. But if there's any hope of fixing it, I'll do whatever it takes - I really can't afford to replace the machine right now, but still need to be able to use it.
Sorry that was so long, but the pinned posts said to be as thorough and clear as possible with the problems and steps already taken. I'm not afraid to retrace my steps, however, if that will somehow help. Thanks in advance for any help y'all can provide.