(This may be more of use as info, but i thought i should share my experience even if i can't get a fix)...
About a week ago, I got infected by the rogue hoax going by the name of AntiSpyware Soft, its exactly as described here......
It had already hit my PC about a month ago, and I managed to disable it by taking out the auto-startup .EXE files (that would lock me out) using CCleaner / and editing the Startup progs. Then I ran Malwarebytes, Spybot, Adaware, AVG and cleaned the whole system -- all seemd ok.
This time, I did the same thing, disabled the onStartup .EXE progs ~~ but there were about 16 this time ~~ and after running same spyware apps as above and I deleted whatever it found - again many more Trojans / Rogues. The EXE files were installed into (for example:) \Documents and Settings\My User\Application Data\Local Settings\Temp\huifksh.exe... but I managed to get them all out.
I also reset the LAN Settings / Proxy bit that prevented me connecting thru my browsers.
This all seemed to work, and I was up and running again,,,, BUT THEN,,, the Microsoft Just-in-Time debugger window kept popping up, and i exited out of that like 6-times every time it appeared. Then Firefox would randomly start a new instance of itself, and load up several tabs that looked like phishing / hack sites, sometimes an Ask Jeeves site.
Also -- nearly every Google search result link i clicked on, sent me to some completely random search site, sometimes looking dodgy, quite often sent to "Ask Jeeves".
I then noticed that Windows XP Firewall had been disabled, and presumed that I was getting attacked from outside, which was why the FIrefox window kept popping up, or some script was trying to run, prompting the Just-in-Time debugger window.
At this point, I thought "Ok -- time for a reinstall", but as i'm a budding PC technician & software programmer, i really want to get to the bottom of this.
I cannot get Windows Firewall / ICS service to start again -- it gives an "Error:2 File is Missing" message, but doesn't tell me what file.
So I installed ZoneAlarm Free, and that has stopped the JiT-Debugger popping up, and the spurious Firefox window with random/dodgy looking search sites & phishy sites like "Work from home & earn $300/hour".
HOWEVER -- i cannot get around the redirect issue, nearly all links in Firefox get redirected to Ask Jeeves or some other random search site (v3.0.19 -- yes I know that's old but I regularly use RealPlayer Recorder Plug-in to record video content from myspace -- that doesn't work with Firefox 3.5)
Internet Explorer v6 -- old but i prefer it) has no problem with redirecting issue // Opera 9.24 gets redirected, but not as heavily as Firefox.
And I still can't get the Windows Firewall running.
I have rerun Malwarebytes Antimalware and nothing comes up // AVG only reports "runtime packed mew" on a couple of files, but these are classed as low-priority and (according to other web reports) misnomers/ not real threats.
This is a pretty comprehensive disabling ~ as I said I fix PC's & laptops for a part-time living, and have not seen anything this devastating for a long time. My usual response would be to reformat & reinstall windows, but curiousity and my sick/sado-masochistic side doesn't quite want to give up on looking for the culprit just yet.
Anyone got any helpful ideas ???
EDIT: Moved from XP to Am I Infected forum ~ Hamluis.
Edited by hamluis, 06 June 2010 - 05:40 PM.