So, I've got a 4-year-old laptop, and got XP Pro for it at the beginning of this year. Have malware protection and all, but I do use P2P, so no wonder that I sometimes run into trouble, which I however usually can handle easily. But about 2 weeks ago I got the fake Microsoft Security Essentials Alert, and after a long time trying all the stuff recommended and having none of it work (incl. rkill), finally SUPERAntiSpyware seemed to do the trick. Afterwards I scanned my system with MalwareBytes as well to be sure.
However, even though I was able to access the net etc, weird stuff kept happening:
* taskbar was randomly disappearing and reappearing, or disappearing altogether, or changing to a very old-school look à la Win 95
* when shutting down Windows, explorer.exe was almost always unresponsive, and I had to click the "end task" button
* sometimes Windows was unable to even try to find a wifi connection, saying something about configuration etc. Had never seen this before. However, a reboot helped for this.
* and the most suspicious thing - on top of crashing all the time, when browsing, Firefox kept opening random tabs on its own. I haven't noted the names of the sites, since I mostly shut them down before they could load, but they're bound to be fishy and keeping me infected, because..
..a few days ago I got the MS Security Essentials Alert AGAIN. And this time SUPERAntiSpyware did not work. Tried for ages, rkill still did nothing, and finally Hitman PRO helped. The previously mentioned weird stuff still keeps happening, only this time it seems worse, since in addition to everything, sporadically some programs (e.g. XPlay) don't function, and yesterday I got a message of my system needing to shut down twice in 20 minutes. ("This shutdown was initiated by NT AUTHORITY\SYSTEM. Time before shutdown: 20 sec. Message: Windows must now restart because the DCOM Server Process Launcher service terminated unexpectedly."). I'd never seen anything like that before.
And because I'm now very wary of the Security Essentials thing coming back, I run scans at least daily with SuperAM, MalwareBytes, Hitman PRO and sometimes AdAware. The latter keeps finding that some system files (e.g. explorer.exe) are infected too. But I can't do anything about that, because I'm abroad and don't have the Windows disk with me to restore the original file. Heck, if I did, I would have formatted the whole thing long ago.
So, has anyone got any idea what's going on here? Is there a way to fix this or do I still need to get a hold of a disk to format?
If I need to give out more info, please tell.
Any help will be much appreciated!
EDIT: Scanning with Hitman PRO atm, and while doing the scan, it (always) displays this alert: "Possible variant of the TDL3 (alias Alureon) rootkit detected. The device stack of the hard disk is referencing a hidden driver. This could affect the detection of malicious files." And it keeps saying that some .sys files on C:/WINDOWS/system32/drivers are malware, as well as explorer.exe as previously mentioned.
EDIT2: Brand new problem now, without any warning I keep getting a momentary glimpse of a blue screen and then my comp reboots itself...
Edited by tixuana, 23 September 2010 - 05:22 AM.