Posted 26 April 2010 - 07:53 PM
After what was likely an unwise click in Google Chrome, I got what I believe is the FakeReal (ave.exe) giving me phony Windows security alerts, browser redirects, etc. I also had several processes called szj.exe, I believe. I killed as many suspicious processes as I could find and got rid of new startup entries with msconfig. I ran a FakeReal registry fix and ran an AVG scan, which seemed to get rid of the szj stuff. But ave.exe kept coming back via hijacked browsers. Ran HJT, MBAM, which seemed to identify and clean additional malware, but, again, ave.exe keeps coming back when I use any browser (IE, Firefox, or Chrome). Things seem pretty quiet as long as I stay away from those three, but I know it's still in there. TDSSKiller says it found TDSS rootkit in atapi.sys, but it does not seem to be taking care of it after repeated attempts.
I have spent 15-20 hours on this so far, and I'm looking for a compelling reason to keep going, versus backing up my data and formatting the hard drive.