I first noticed a problem with my AV, Webroot with SpySweeper. It was not loaded to actively scan and protect me; when I tried I got an error I had never seen before that said Webroot had to close and to restart the program, and a status bar showed the progress of closing the program. But after it finished and I clicked OK, the program would not start at all, nor could I run any scans.
Then I noticed Windows Defender was turned off, and I turned it on but a scan would not start. I tried Malwarebytes and it ran once, said it found something but needed to reboot to fix it. I rebooted and Malwarebytes did not load and run, nor could I ever get it to run a scan after that, and I could never find what it had found. The same scenario happened with AVG Free and any other scanner I tried, including Kaspersky. I even tried downloading them from another computer to a flash drive and installing from it but still could not get any scans to run. I now suspect the flash drive is infected. It's a 4GB flash drive but after a format only 3.76GB is available, and sometimes a file named HIMEM appears on the drive, which I am able to right-click and delete.
After 3 weeks of getting nowhere I decided to delete the hard drive and do a clean install of WIN7. I ran Killdisk twice, then installed Win7 from Microsoft CD. Things seemed great for a couple of hours, running Windows updates, got AVG Free, and then the problems started again. The moment I installed AVG it would not work right; if it ran a scan everything reported OK, nothing found.
I have managed to get Webroot installed and working but it still does not find anything. I am new to Win7 but the file tree seems wrong: there are multiple sets of the file tree, multiple Documents folders, and some are locked and look like shortcuts but say they are folders, and I get "access denied" when trying to even click on the folder.
I was able to get ThreatFire to work for about a day and it would pop up with alerts on almost everything I tried to do, any program launched would include additional operations like deleting and creating registry keys. The whole file system seems suspect to me but again I am unfamiliar with WIN7. I also found locked files located in temp folders in all of the sets of folders. I have found at least 5 different temp folders in various areas. I ran ATF but it did not delete all of the items in these folders.
My goal is to have a completely clean install of Win7 with NO residual files from prior versions or software. I have already backed up any documents I wanted to keep and located the drivers needed for my video, audio, etc. But it appears whatever this Malware is Killdisk does not kill it.
I have installed all the recommended software, tried uninstalling the antivirus applications and reinstalling. It seems as if the moment the exe is run the Malware infects it. I do see the AVG, MBAM and Webroot engines running in services, but yet I cannot access the programs nor run scans, with the exception of Webroot, for which I located the exe file in Explorer and directly right-clicked and ran as admin. Then I was able to load the Home panel and perform an update (something else I could not do before with any security software), but it always comes back clean, and occasionally 6 common cookies that keep returning but are low threat.
I believe this is a very nasty infection that is able to corrupt valid system files, prevent being seen and I think is opening a backdoor connection. Some of the suspect files I have searched have pointed to different Trojans but I can not get any info on any of them, the infection will not let me view those pages. I have tried to set all security levels to the highest, turned off activex and java etc. But it does not seem to make any difference.
Edited by StephL67, 27 March 2011 - 04:00 PM.