Posted 27 April 2010 - 06:10 AM
Hello all. First time post here, so be gentle. Hope you guys can help out, so here goes the description.
Machine is a Dell desktop running Windows XP Home SP3. It currently has Norton Internet Security 2006 installed with a valid subscription along with Norton System Works Basic. This system is used in a small bookstore and one of its employees was alarmed to discover that according to a pop-up window, the system was infected. It was one of those bogus programs, the name of which I personally do not know and employee doesn't remember. In any case, employee ran a handful of tools upon the recommendation of a friend (oh joy!!) and thought they had it fixed. A few days later they realize that all their Google results are crap, and clicking on what should be links to whatever, takes them to some bladder control drug website. That's when they called me. It looks like they ran, or tried to run based on what I can see and they have told me, MBAM, Spybot, and Combofix (although they said when they ran Combofix it would hang up and 3 instances of IE would be open in Task Manager immediately after starting it; evidently they were brave and armed with some knowledge and Google). And don't worry, I've already scolded them for running Combofix on their own. I can also report that this machine does not boot into safe mode, giving BSOD for PAGE_FAULT_IN_NON_PAGE_AREA, even with no page file set. Also interesting to note is that Norton Internet Security re-enables itself on reboot, even though it's set to be disabled for 4 hours.
What we are ultimately trying to avoid is re-installing Windows, as they use a bookstore software called BookLog, which, lucky us, requires some sort of SQL server and shared/mapped folders to communicate with the "server" (a second desktop) for cash register functions and inventory/bookkeeping.
Thanks in advance for the assistance.