On Sunday night I think a virus / malware by the name of Whitesmoke managed to get through my AVG virus protection. AVG claimed to have quarrantined the files, but on Monday when I started up my system and launched IE8, the Whitesmoke toolbar was installed. I immediately disabled it. I went hunting for Whitesmoke and found it in my Add/Remove Programs list and uninstalled it. I thought it was gone.
Shortly thereafter I started having the following issues:
1. At frequent intervals when using IE8, I get the following message pop-up: Host Process for Windows Services stopped working and was closed. A problem caused the application to stop working correctly. Windows will notify you if a solution is available.
Closing this popup launched a new window PROBLEM REPORTS & SOLUTIONS, with suggestions for the fix, the first of which is a link to Windows Update. When I visit that link, or try going directly to the Windows Update website by clicking the Microsoft folder on the Links toolbar, I get a blank page (Internet Explorer cannot display the webpage). If I try to visit that page from any other link I get the same result. If I click on this, it turns my taskbar from dark gray to white and alters the font / appearance of buttons.
2. Just while typing the above line I just got the following message from AVG: AVG detected a program trying to install itself (C:\WINDOWS\TEMP|PDIR\SETUP.EXE). I quarrantined it immediately with AVG. This is at least the fourth instance of a malware attack that AVG has alerted me to since the initial situation occurred on Sunday night --- I've supposedly quarrantined them all but can't be certain.
3. I tried to use a System Restore point to go back to May 1st, a week before the attack. Seemed to work for a few hours, then back to same problems.
4. Since then, when I try to access AdAware, I immediately get a message Couldn't Load the Resource Manager and the program fails to launch. I decided to try uninstalling it and re-installing a fresh download, but the Uninstall will not allow me to access the program.
5. I downloaded Malwarebytes at the suggestion of a colleague and ran that and it found three malicious programs. Twice since then I have run it and it claims to find no other malware.
I'm running Vista on this machine. I still have internet and other than this annoying recurrence of some bothersome pop-ups (and the disabling of AdAware & Windows Update) this doesn't seem to have significantly affected my ability to browse the internet, download/install software, check email, etc. I am by no means what I would consider computer savvy but I can follow detailed directions pretty well. I don't have ComboFix or Hijack This or anything of that type already installed on my PC --- malfunctioning AdAware, Malwarebytes, AVG is it.
I've googled Whitesmoke and found a number of sites (including this one) that have other users who have had similar issues, so I'm fairly certain its that or at least related to it. The fixes mentioned in several of those forums seem a little complicated ---- I have install disks for Vista, my printer, camera, drivers, Office, etc... and I don't have a ton of personal files that I would need to back up (maybe one afternoon of burning family photos to a DVD or two). Would it be easier to just re-install Vista and my other applications at this point? If so, would that eliminate the problems?
Any help you can provide is greatly appreciated. As I said, I don't have a lot of experience with security type tools, knowing what to look for in scan logs, etc. so please consider that in your response.