As indicated this is my first time here on the forums, among so many that know more than I, even that I've done support and dealt with computers more than 20 years. Thank you for the time spent helping those of us learning how to cope with more advanced viral afflictions.
Quiet but odd behaviors led me to run MalwareBytes and SuperAntispyware first. Both initially found several tracks and lesser infections, but seeing a couple of droppers made me nervous. Slow P4, struggling for reliable TCP still, so I DL'd a copy of HJT and cleaned up the usuals. Still no better, started to smell like rootkit, so DL'd a copy of RootRepeal and found several indications of things not happy. Some hidden files, hooked processes and most concerning a tcpip.sys that's hidden and has no signature found.
One MS update fails to install for .Net 3.5 and at one point autoupdate had to be turned off as it was interfering with Avast updating. This is the point I decided to hold up and look for advice. I also blocked file sharing at Win Firewall, as another system on the LAN kept running a Pipe and file open event on me. Most other ports that typically can be blocked to reduce exposure have been
I'm running XP SP3 on a 2.7GHz P4 eMachines T2742 model, with 1Gig of RAM, connected on a 6M DSL, sitting behind a Linksys RV082 and SMC 10/100 switch. I have 3 other systems which are running without issue and test clean with Malwarebytes so far, albeit I'm not convinced that a rootkit on the network might not own all the AV I've got to throw at it. The other 3 machines are two laptops running Vista and one server running Win7.
Hopefully I haven't trodden on the forum's rules getting started.
If anyone would be willing to offer some direction, I should be able to follow and would be most thankful for help on how to clear this mess up, if it's possible.
Thank you in advance,
Edited by AfpMike, 19 September 2010 - 11:15 AM.