This thing popped up on my XP partition today which I need for some projects and it has me beat! I was surfing internet forums and suddenly avast started going crazy telling me I had several incursions (I was reading HardOCP at the time of all things) Then this thing started installing "Antivirus 2010" and put it into my system tray. I think I managed to get rid of that portion of it by killing the process immediately but now I'm in real trouble.
This screen is what I see on my desktop now. Rife with spelling errors and at the end of the countdown, it shuts down the system so the time needed to run any full length virus scans just isn't there.
I've already tried shutdown -a but somehow this is circumventing that. I tried running shutdown - s -t 50000 to see if an independant shutdown.exe process will somehow keep this thing from shutting down my computer at the end of the countdown but my system ends up rebooting anyway when the virus countdown ends.
System restore is disabled, safe mode boots to bluescreen. I can't run Malwarebytes (program will load, scan will not start). I am currently running DoctorWeb in express mode but there isn't enough time to even do an express scan before this thing shuts my system down.
I booted into another partition and ran a scan and found infected explorer.exe (win32.dat.3 cured), winlogon.exe (win32.dat.3 cured) and fake rundll.exe and ntload.exe trojans which I deleted but the problem persists and the fake rundll.exe keeps coming back. Internet is unplugged. My hosts file should be blocking all the sites connected to "Antivirus 2010" as per the old instructions now but I think whatever this countdown thing on my desktop is is completely different.
With my luck it will be some stupid Gen3 Rootkit that no scanner can pick up. Does anybody have any idea what this thing is and what I can do? The timer prevents me from doing anything meaningful at all aside from doing scans from another installation on a separate partition which could pickup infected files but cannot access the registry, start-up files, etc.
Edited by Spare-Flair, 24 August 2010 - 07:51 AM.