Posted 30 September 2010 - 06:08 AM
Hello all, I really hope someone can help me with this. I've been butting heads with it for about three days now.
Windows XP SP3, formatted and reinstalled this spring.
1.) Monday the computer was suddenly and obviously infected by AntiSpyWare Doctor urging me to send them my credit card. Right. I did AVG, Malwarebytes, and found some things that were removed. But the Trojan didn't go away. Not even close.
2.) I read some forums online and found out about rkill. Tried it, didn't work.
3.) I got serious, and this is what I've done for the past day or so:
a.) Installed McAfee Stinger, and SuperAntiSpyware. Updated all of them.
b.) Rebooted into Safe Mode with Networking. Scanned in this order: Stinger, AVG, SuperAntiSpyware, then Malwarebytes. When stuff was found, I didn't reboot right away, but quarantined and then moved to the next program. When it was all done, I rebooted normally, then reupdated all of the programs except Stinger. Rebooted again into safe mode with Networking, and then redid exactly what I described above.
c.) Each time, Trojans were found and some of them were in the RESTORE part of the registry I think. Each time, they were deleted, but each time I returned to a normal boot, it was obvious that my computer was doing things behind my back. The boot up is a bit slower, and it takes an eternity to get into Firefox. Also interesting is that when I do a CTRL+ALT+DEL my task manager is missing the tabs on the top. Hmmmm...
The trojans that I remember seeing in the logs are Generic10, Generic2, Gen-something, among droppers, downloaders, and stuff like that.
Any recommendations? Also, if I need to reformat my system, which I am really considering in my frustration, is it possible that I could infect my external HDD if I copy over pictures and music and stuff like that? I've disabled auto-run since a long time ago, but I'm not sure if that would help.
Any assistance would be extremely helpful. I'm lost over here and I feel as though it might be getting worse every time I reboot into normal mode.