First, it set up a proxy and surfed to dozens of pages in the background; my Avast network monitor was going crazy, and watching all these links get visited let me know it was hijacked. My internet was slow and laggy, and to connect, I would have to disable my LAC and re-enable it, and my internet gateway would start. It completely infected Google Chrome and Java, and I had to uninstall both of those things. System Restore was turned off, so it wasn't hiding in there. I ran HJT and saw an odd registry key.
O4 - HKLM\..\Run: [Rbodanis] rundll32.exe "C:\WINDOWS\aqiyihit.dll",Startup
I figured this may be part of the virus, so I used msconfig and disabled it from Startup.
Bad move on my part: when I restarted my computer, it looped BSOD, and nothing would load. Couldn't even get a Safe Mode boot. After at least three hours of struggling with this, I used my XP CD and ran a recovery installation, and I'm back in. However, that DLL remains, as well as its place in the boot list, its registry key, and the DLL itself. Scanned the DLL with Avast and MBAM; it doesn't find it as a threat, but given how my computer acted when it was disabled, I find that hard to believe.
Even though I've deleted the files associated with Tango Toolbar (or so I thought), I still find it in my Add/Remove Programs list. When I click "change/remove", it opens and redirects IE to the Tango Toolbar help page. And my MSCONFIG startup list still shows the .exe file and directory for Security Suite, which shouldn't be there considering I deleted the necessary registry keys it created and cleared the directories it was living in.
I know my computer isn't actively infected, at least not to the degree that it was, but I can still tell it's on here. It loads a little choppy, and just knowing something's on here that shouldn't be is making me paranoid as hell. So, what do you folks think I should do next?
You guys are Tech-Gurus, so your word is like gospel to a nerd like me.
Edited by Nick Razzie, 16 August 2010 - 02:59 PM.