Posted 11 August 2010 - 07:08 AM
I'm running Windows XP Home Edition. I have AVG 9.0 and Malwarebytes installed. This issue started last week when I tried to print a pdf from Adobe. It kept queuing to the printer and not printing. So I uninstalled the printer software thinking I would just re-install. I inserted my printer CD into the driver on the modem, the light came on, I could hear it spinning then the light went out and nothing happened. I don't use the CD Driver very often, sometimes I insert a music cd and listen to music via windows media player, but hadn't done that in quite a while. Wasn't sure what the problem was, I thought perhaps the software that actually ran the CD Driver was corrupted so I went on a popular free download sight to look for software that might correct the issue. I saw a tv ad about slow computers and while on that free download sight found a free registry cleaner that supposedly found and corrected any registry errors which would speed up my computer. I downloaded the free registry cleaner and went thru the process of running it on my computer. Before it started running, it told me that I had to turn off my antivirus while it done it's thing. I opened my AVG but couldn't find a place to turn it off...so I thought the only option was to uninstall AVG, run the registry cleaner and then I would re-install AVG. So, that's what I did. I uninstalled AVG and ran the registry cleaner...it found over 800 issues and asked me if I wanted to "fix" them, I clicked yes and it supposedly "fixed" them. Well, I forgot about re-installing AVG until a few hours later...I was on Yahoo search engine and I clicked on a known good website, but instead something totally different came up....I immediately realized what happened...but I also knew I hadn't been on any strange sites since uninstalling AVG. I tried to go to AVG website to get the download, but it wouldn't let me...kept taking me to different sites. I tried to go to the popular download site to no avail. Nothing I did would allow me to get to a website I needed. I have a laptop with XP also, so I used it to go to the download site and sent a link to the download via my email. On the infected pc I opened my mail, clicked on the link and proceeded to download AVG. When it was finished, I ran a scan and it found a threat and put it in the virus vault. I then ran Malwarebytes and it found threats and did what it was supposed to do. I still didn't trust that everything was ok, so I kept scanning with Malwarebytes and AVG. Last couple times I ran them it didn't show any issues. I have AVG running daily scans at 3am...so this morning I find a window on my screen that says: Security Warning: Application cannot be executed. The file AVG exe is infected. Do you want to run your antivirus software now? yes or no I clicked yes...nothing happened. I then clicked on the icon at the bottom of my screen to open AVG screen...I got the same warning box. I then thought I better send this issue to you guys....so I clicked on start and control panel and clicked on the system icon to make sure of my OS. I got another warning box the same except this time it says: The file rundll32.exe is infected. Do you want to activate your antivirus? I also got an AVG alert that says: Accessed file is infected Threat was blocked! File name: antivirusword.com/shop?abc=cGdpZD00Jnl9NzguMjE= Threat Name: Exploit Rogue Scanner (type 1514) Process name: C:/Documents and Settings/Networkservice/Local Settings/ApplicationData/wukfbrnwc/qldebehtssd.exe Process ID: 3440
I haven't done anything else at this time as I'm awaiting instructions from the experts here on BC. Thanks in advanced for all your help.