Posted 15 April 2011 - 01:37 PM
I've been having some trouble with a virus that doesn't seem to go away even AFTER a destructive restart. I'm using an HP Pavilion with XP Pro. A couple weeks ago, AVG Antivirus found a virus that it couldn't remove. After further unsuccessful attempts to remove it, I did a destructive reboot from the HP D Drive, to restore Windows to its original factory settings. Everything appeared to be fine for a few days, during which time I limited my online activity to only absolutely safe sites, like the NYTimes. Then a program claiming to be an antivirus program randomly booted onto my computer, claiming I had a virus. Since I hadn't downloaded this program, and it was running a lot of applications without my permission, I downloaded AVG to remove it, unsuccessfully. Since I had just done a destructive reboot, I wasn't going to lose any data by simply doing it again--so I did, and installed AVG again, and ran a scan immediately. My computer was running fine for about a week after this destructive reboot. Now I have a virus that redirects me to Ad-sites via google-analytics when I click on links in Google and news sites. AVG has found nothing. Malwarebytes found one item:
PUM.Hijack.Startmenu at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff.
I tried to use Malwarebytes to remove this, and then restarted my computer. Malwarebytes was no longer accessible. AVG again came up with nothing. After I reloaded Malwarebytes and ran it, it found nothing. I then tried to download Ad-aware but that has been "loading" for the last two hours and I can't seem to get the program to even work.
It might sound like I keep getting new viruses, rather than having the same one persist. But I wish to underscore, again, that I have limited myself to visiting only a few absolutely safe sites that I've visited for many years without problems or issues, because I wanted to see if the problem was fully solved. (I usually visit only safe sites of course, but I wanted to stick to absolutely safe ones I had used for years to make sure the problem was gone). This leads me to suspect that the virus is persisting even after destructive reboots. One interesting thing/qualification: Each of the two times it reappeared, it was soon (an hour or less) after downloading a file in Gmail from a trusted source--a PDF file from my Dad, and an MS Word file (with a term paper) from one of my students, neither of whom would send me a virus.
Is this virus IN my Gmail? (Is that even possible?) Or is it simply persisting even after destructive reboots? Any help or advice anyone could offer would be very welcome.