OK so I got a virus on my computer and I had been trying to take it off myself. I was able to fix some of the symptoms but not all and now am having some fun new issues. This started with a fake anti-spyware app that called itself "Security Suite" hijacking the system and running at startup. Also, regedit was disabled as well as folder options. Also the internet would not connect. I restarted in Safe Mode with networking, cleared out c:\documents and settings\[username]\local settings\temp and c:\documents and settings\[username]\local settings\temporary internet files. I also went into the c:\documents and settings\[username]\Local settings\Application data & c:\documents and settings\[username]\Application data and removed any folder that looked suspicious such as folders named random characters (i.e. nxpkvvjl). Next, I opened MSCONFIG, startup tab, and deselected any unknown processes (checked each one on laptop/Google to make sure none were essential). I opened Internet Options>Connections>LAN Settings and disabled the proxy (I don't use one but something had set a proxy up). I then ran MBAM full scan, told it to fix issues it found and restarted.
That seemed to remove the "Security Suite" app or at least it didn't start. Unfortunately the other issues still persisted. I searched online for a bit and found a fix was to use RKILL (renamed as iExplore.exe) and then run Spybot Search and Destroy, tried that, issues persisted. Spybot did find 7 items, fixed 4 right away and said to have cleaned up 3 more at startup. I then found a vbs script made by Doug Knox to re-enable registry editing. Opened regedit and found a key in HKCU\Software\Microsoft\Windows\Current Version\Policies that was called nofolderoptions and had a value of 1. I deleted it and after logging out and back in was able to access folder options again.
At this point I tried to go online and Google search but found I was being redirected to scam websites. So, I navigated to C:\WINDOWS\system32\drivers\etc\ and opened the hosts file with notepad. It was redirecting Google traffic to an IP I later tracked to a server in Luxembourg. I deleted the entries, pasted in a copy of a free host file I found and saved the file. After this Google worked again.
And that brings me to where I'm at now. The current symptoms I am experiencing are:
* At startup, the registry editing and folder options get disabled and I have to run the vbs script I found to re-enable registry editing followed by deleting the nofolderoptions key that re-appears in HKCU\Software\Microsoft\Windows\Current Version\Policies.
* Spybot TeaTimer tells me something that looks like a long hexadecimal string is trying to change the registry but if I click deny the PC freezes.
* I have to release and renew my IP every minute or so or browser pages won't load (have tried Explorer, Firefox, and Chrome - all have issue).
Windows XP Professional Version 2002 SP 3
4 GB of RAM (Windows sees 3.25 GB)
Intel Core 2 Duo 2.66 GHz
nVidia 8800 graphics card (eVGA model)
Asus P5K-VM motherboard
Any help would be sincerely appreciated as I am not looking forward to backing up 400 GB of files so I can rebuild.
Edited by hamluis, 17 August 2010 - 10:59 AM.
Moved from XP forum to Am I Infected ~ Hamluis.