Posted 12 August 2010 - 07:47 AM
I am helping a friend clean up his computer. The computer is running XP home. When using the internet, search results and pages other than the home/email page are redirected to random sites.
I installed Malwarebytes' Anti-Malware on the computer. After installation, Malwarebytes would not run. I reinstalled into a different directory than the default. Malwarebytes still would not run. After renaming mbam.exe, Malwarebytes would run. After multilple scans, both quick and full, Trojan.DNSChanger keeps appearing in the results. I have not had a scan without at least 1 infection being reported.
I decided to uninstall and reinstall Malwarebytes' Anti-Malware into the default directory. After installation, Malwarebytes would not run as mbam. When I renamed mbam, Malwarebytes ran. I was unable to perform the update on the new installation. When I tried, I received an error message. The newly installed version was 4052 and dated 4/29/2010. I ran a quick scan without the update and found Trojan.DNSChanger on the system again. After rebooting, I tried to update again. This time, the update worked. Malwarebytes is now at version 4422, dated 8/12/2010. Currently, the computer is running a full scan.
Also, I receive 2 RUNDLL errors on startup. One is for C:\WINDOWS\ipfxscag.dll. The other is for C:\WINDOWS\abacelotefcao.dll. I am guessing that these are from previously cleared infections, but are still in the registry. I can fix the registry, but would like to get rid of the resistant infection first.
By the way, I am writing this message from my clean computer. The infected computer is currently disconnected from the internet. I only plug the infected computer onto the network when I need to update Malwarebytes.
Any help you can give is appreciated.