The problem originally manifested Sept. 28 as popups on my monitor claiming it was from a company called Antimalware Doctor that had found viruses on my machine. I closed all appearances immediately, but afterwards I could not access the Internet, my e-mail or Word documents.
I did scans with (newly updated) Malwarebytes AntiMalware, SpyBot Search and Destroy, SuperAntiSpyware, my AVG antivirus program, Windows Defender and Windows Malicious Software Tool Remover. Each one found viruses, spyware, malware, etc. that the others hadn't (full scans were done about two weeks before this that showed zero infections). I now have full function of my system and can get online.
None of the software, however, can repair the remaining problem - being redirected to fake antivirus or insurance sites when I use either Internet Explorer or Firefox. I don't know if these fake sites are continuing to dump more crap on my machine. It doesn't look like it, but I can’t be sure.
As an example, if I click on the link to the MalwareBytes site using Firefox, this Web address shows up instead:
hxxp://googleads.g.doubleclick.net/pagead/nclk?sa=L&ai=1&u=http%3A%2F%2Fwww.malwarebytes.org%2F Sometimes it takes me to a fake or scam site, usually anti-virus, insurance or travel related, and sometimes Firefox prevents the page from redirecting.
I see from other reports that this problem is not unique to me.
The Kapersky online scanner says I have been infected by Trojan.win32.agent2.cvif, and that it is being activated through one of my svchost.exe files. Kapersky, however, does not make any mention of how to get rid of it or what files it is made up of.
When you look through my logs, could you possibly also keep an eye out for a solution to a lesser ongoing problem that started about a year ago – I publish a magazine from home and after a couple of hours of using Photoshop, Word, Quark and other software, the Task Manager shows that the virtual memory size of “explorer.exe” is at 1.2 million K and operations have slown to a crawl or frozen, forcing me to reboot. This never happened in four years until a few months ago. None of the publishing software has been added or upgraded in the four years.
As an aside, as I write this, I have eight instances of svchost.exe showing up on Task Manager and all I have open is a Word document. Is this normal?
I await your words of wisdom with Hijack This, ComboFix, DDS, GMER and Root Repeal already installed, caches and temp files cleared out, and defragmentation done on both drives. I have the XP Recovery Console on a CD-ROM, but it is not installed on the drive.
Thanks in advance!
Edited by Orange Blossom, 30 September 2010 - 10:31 PM.
Deactivate link. ~ OB