Posted 28 February 2011 - 03:55 AM
Hi everyone, I'm Steven and I thought I had a clue until I hit this one.
I have an Acer Aspire One Netbook with XP SP3. I built it to replace my old XP tower when the power supply died and took the motherboard with it. (Lightning strike on a power line, melted the surge protector.)
I'm an end user / hobbyist. I read a lot on the net, but have no formal training of any kind. I have a very highly customized setup with a lot of layers of protection. But, it's not doing me any good.
I have a full retail copy of XP SP2 from years ago. The first thing I did was wipe all of the Acer stuff off of the drive and set up a clean copy of XP. This setup has been running fine until recently. My only active real time AV / FW system is the full suite from PC Tools. But, I do have lots of others as backup scanners / HKs like SuperAnti, Spybot S&D, Root Repeal, Malware Bytes and more. I also have every service turned off that can be and I've changed a lot of system settings with TweakXP. I've set up custom rules for all of my IE zones (IE8). I have my swap file encrypted with BC Wipe. I have all my personal info (taxes, etc.) encrypted with AxCrypt. I have a very complicated password scheme and so on and so forth. For the most part, I've shut down pretty much everything in Windows that can be to make my system as tight as possible. For instance, I don't use system restore, instead I use the free sector by sector backup tool from EASUS. In other words I've done everything that I've read that you're "supposed" to do to make your system fast and secure.
Except for one: Like a big dummy I haven't run a backup in about a year. I have an old, old clean state copy I could back up to, but I'd lose a bunch of stuff I want to keep. So I burned all that to DVDs, wiped my drive clean and started over. And now the ^%%$##$%^^ infection is back again. And yes, of course, I waited until I was fully configured / protected / updated before I put my data back on here. And I scanned all of the disks before I copied them to my drive. They all came up clean. But I'm infected again. (As a side note: internet is included with the rent, and I can't prove it but I think their network is dirty.)
I have done everything I can think of to kill this infection, but it just won't die. So far I have removed the Mervon.A worm from my system about 6 times and the Trojan.Generic twice from my system.
And all of my tools tell me that I'm now clean (YET AGAIN!!!). But I know that I'm not because settings keep getting changed in my system and my AV. And, folders that I can normally access are now locked, like C:\Docs and Settings\User\Local Settings. And I have strange folders and zip files that keep coming back (Folder = APPS\2.0, Zip = IDP.zip and UDP.zip. The UDP one is full of IP addies). I also have strange .tmp and .xml files cropping up that I can't delete, or that recreate themselves. Plus I have a ton of unknown hardware in my Device Manager now. Approximately 2 dozen items. Under the details tabs they all start the same Root\Legacy\ a bunch of different stuff. But all of my hardware is actually working fine. And all of the last parts of the entries look more like services than hardware?
Also, at this point I'm really starting to doubt my skill level; so maybe that backup is not as clean as I'd like to think? What if I had this crap then and didn't know it?
So can one of the Guru-Gods of computing please save my butt? I need this stupid thing to work lickety-split so that I can do some training stuff for work before they fire me for not getting it done and balance my checkbook / pay my bills without some 12 year old in Bulgaria getting my social and preferably without losing the year's worth of personal data which I was too stoooopid to back up.
Many, many thanks,