I have a computer virus that I have not been able to get rid of, even though Iíve done scans with numerous ant-virus/spyware programs. What a huge amount of time this thing has taken so far. Itís driving me nuts; an awful thing.
With this kind of thing happening, how does any have any confidence that anything is safe on the computer, such as online banking or buying things online with credit cards. I hope someone will be able to help. Iíd really like to know how this thing has been able to evade getting cleaned up. Iím seriously considering wiping the computer clean and re-installing the operating system.I don't know how to insert pictures in this post
. I thought I could paste them in or it would prompt me for an image on my local disk, but it wants a URL. I don't have a web site into which I can place images.
Description of issue:
Browser (Internet Explorer) search results get hijacked. For instance, if I Google, for instance, "facebook" and click on the link that is supposedly the login for Facebook (www.facebook.com/login.php), instead I get re-directed to a site like this: http://www.hostway.com/promo/..
- Browser keeps reporting that its default search engine has been changed (image available)
- Browser sometimes freezes before it displays default page
- Get pop-ups out of nowhere that computer is infected and to click to get help. (Unfortunately, I dismissed these without getting screen shots and now itís not doing it while Iím preparing this post).
- On occasion, navigates away from the page you're viewing all by itself.
- Notice that the process, "s7443XlK.exe" is running and numerous Internet Explorer instances get started by themselves. Deleting this process in memory and on disk works for a while, but it somehow comes back. (I have a screen shot of the s7443XlK.exe process running)
- Windows Scheduled Tasks get loaded with scheduled entries like this: At1, At2, ... At24. I deleted these, but they come back after a while. They're trying to run a program in the c:\Windows\Fonts folder. (Screen shot available of this and of the properties of one of the scheduled items)
- Donít know if this is related, but XPís fast user switching isnít working now. What I mean is that if youíre logged in a one user and then you leave that user logged in and then try to log into a second user, the screen at first changes to a blank screen as if itís about to bring up the desktop of the other user, but then goes back to the user selection screen. This was working fine yesterday. I donít know if this is due to my having installed so many different anti-virus programs or due to shutting down some services that I know I donít need (at least right now) (listed below where I list things Iíve done).
- Another oddity is that Windows Task Manager shows the ďUsersĒ column, but the user name of every column is blank except for System Idle Process. By contrast, SysInternalsí Process Explorer does show the user names.
- Windows NVDM.exe process runs with high CPU usage and eventually errors out (see screen shot).
- Operating system: Windows XP Professional, SP3
- Computer: HP Pavilion dv8327us notebook
Things I've done/ settings:
- Browser pop-ups option is turned on.
- Reset browser to default settings
- I have disabled all browser add-ons that aren't identified as a company that I know.
- Windows Defender and McAfee are running with real-time protection
- Cleared out the Recycle Bin
- Ran HijackThis and saved a log. (Wonít post this unless itís requested).
- Turned off unneeded services like SQL Server 2005, World Wide Web Publishing, FTP Publishing, Message Queuing, Message Queuing Triggers, and Visual Studio 2005 Remote Debugger.
I've run all of the following scans (with the exception that Windows Defender never finishes: when I come back to look at it, itís gone.):
- Verizon's Radial Point Antivirus (just got rid of this and switched to McAfee)
- McAfee (Scan came up with a few viruses, Trojans, etc, but didnít fix the problem Iím having now).
- Microsoft Malicious Removal Tool
- Windows Defender (never finishes its scan. Having it run real-time protection, but eventually gets killed off somehow)
- Malwarebytes (found several issues, but not the one thatís the subject of this post)
- SUPERAntiSpyWare (Found a few items, including some software are not malware (unless itís spoofing them), such as HPís CD quick launch and a component form InterSystemsí Cachť database product).
- AdAware (did not find anything)
- Ran a HijackThis log
Thanks in advance!