Came to know about this site through google, after my half-day ordeal(could have been more if it were not for you !).. Here are the details :
I use win7 64 bit home. Got infected by a fake AV - Win 7...2011...(you made me forget its name so soon !!! ) that came after merely downloading a zip attachment from a legit source(or so it seems). The fake AV was preventing me from using browsers and installing Malware Bytes (MBAM). So i used internet from virtual box.
1-I ran Rkill and got rid of the fake AV as suggested here.
2-Used net from win7 itself and got MBAM and found Trojan.Fakealert at 4 places \AppData\local.
Killed them all.
Free avira had detected "worm rorprian" but was unable to resolve my problem.
NOW IT SEEMS THAT ONLY ONE ISSUE REMAINS :
Rkill removes this file called InfDefaultInstall.exe every time i run it. Is this a component of the malware ?
Also, all the bad files kept reappearing in Rkill logs until MBAM got rid of the "runonce.exe". Does it reinstall c-r-a-p on boot ?
thanks and warm regards to all of you.
Edited by bad man, 27 March 2011 - 10:40 PM.