I'm running XP Pro, and there is a process that shows up that was never there before. It has a series of numbers, followed by a :, and then more numbers with a .exe extension. I know all the normal files that show up in the processes section when you do a ctrl-alt-del (I check it regularly). This is definitely an intruder.
I've tried using a program called TDSSKiller to get rid of it, but it reappears upon reboot.
What this is doing is bogging down my PC and is blocking my anti malware program from being able to run, as well as blocking the updating and runnability of my anti virus. My anti virus is basically disabled. When I try to run it, the scans stop short and abort. When I try to run my anti malware, it starts, and then aborts. If I try to run it again, it says that it cannot find the file specified or that I don't have access to it. I am the Administrator on this machine with full privileges. I have tried running these programs in safe mode, with networking and without networking, but to no avail.
This is what I have observed:
1) When I do a search of this .exe file, I see an association with it in the registry as something to do with system root.
2) I have tried doing a System Restore to a point prior to when this occurred (it just occurred yesterday; I went a month back), but it did not work
3) If I navigate to my malware folder in DOS and try to run the executable from there, it says access denied
4) With Firefox, my searches are redirected via some site called 5day(something). IE remains untouched
5) If I try to search for this .exe file, it can't be found, even though TDSSKiller showed it in the C:\Windows directory. When I browse for it either via Windows Explorer or via DOS, I cannot find it. I have it set to show system and hidden files as well
I don't know if this is malware, a virus, or a rootkit, so am posting it here, as I think it might be a rootkit, which I just researched and learned about yesterday.
I have current anti virus installed, with updates to the .DAT files occurring just about every day (until yesterday). I also do a complete scan of the hard drive once a week, and am behind a firewall with high security. I have no idea where this came from, or how to prevent this from happening again. All my incoming and outgoing emails are scanned and I do not open attachments from unknown sources and haven't had one from a known source in ages.
I would like to start with the simplest thing first, as opposed to reinstalling the OS, if that isn't necessarily what's needed.
Update: I just tried all the steps in the Super Antispyware removal and that did not help. I was able to execute a scan at the very last steps, but then the scan aborted after about 3 mins. Going to try this in safe mode as the administrator
Update: Didn't work, plus when I tried to repair the Windows Installation, it blue screened upon each reboot. The "Super" Antispyware removal program only found cookies, did not find this rootkit thing, so worthless for that.
Nuking the system (deleting and recreating the partition, formatting, and reinstalling the OS). I sure would like to know how this rootkit got on there, despite my layers of protection and weekly scans, so if anyone has any idea on that, I'm open to views.
Edited by Giant44, 26 August 2011 - 09:18 AM.
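Two of the observations in the post above are classic rootkit indicators that can be checked mechanically: a process whose name is digits, a colon, more digits and .exe (the colon is NTFS alternate-data-stream notation, "file:stream", which no ordinary executable name uses), and a file that a low-level scanner such as TDSSKiller reports but Explorer and the command prompt cannot see (a "cross-view" discrepancy, which is how rootkit scanners detect hidden files). The script below is an added example, not code from the poster or from TDSSKiller; the process list and the two directory listings are constructed sample data, and the name pattern is taken from the description in the post.

```python
import re
from typing import Dict, Iterable, List, Set

# Process names of the shape <digits>:<digits>.exe, as described in the post.
# The colon is NTFS alternate data stream (ADS) syntax, "file:stream"; a normal
# executable never carries one in its name, so a match is worth investigating.
_SUSPICIOUS_PROCESS = re.compile(r"^\d+:\d+\.exe$", re.IGNORECASE)


def flag_suspicious_processes(process_names: Iterable[str]) -> List[str]:
    """Return, in order, every process name matching <digits>:<digits>.exe."""
    return [name for name in process_names if _SUSPICIOUS_PROCESS.match(name.strip())]


def cross_view_diff(scanner_view: Iterable[str], explorer_view: Iterable[str]) -> Set[str]:
    """Paths the low-level scanner reports but the normal file-system view omits.

    A rootkit that hooks directory enumeration hides entries from Explorer and
    DIR, but a scanner reading the volume directly still sees them. Anything in
    this set is therefore a candidate hidden file. NTFS paths are compared
    case-insensitively.
    """
    by_lower: Dict[str, str] = {p.lower(): p for p in scanner_view}
    visible = {p.lower() for p in explorer_view}
    return {original for lowered, original in by_lower.items() if lowered not in visible}


# Constructed sample data (hypothetical values, not from the post or a real host).
SAMPLE_PROCESSES = [
    "System", "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "explorer.exe", "1632:94572.exe",
]
SCANNER_LISTING = [
    r"C:\Windows\explorer.exe",
    r"C:\Windows\notepad.exe",
    r"C:\Windows\1632:94572.exe",   # reported by the scanner only
]
EXPLORER_LISTING = [
    r"C:\Windows\explorer.exe",
    r"C:\Windows\notepad.exe",
]


if __name__ == "__main__":
    for name in flag_suspicious_processes(SAMPLE_PROCESSES):
        print(f"suspicious process name: {name}")
    for path in sorted(cross_view_diff(SCANNER_LISTING, EXPLORER_LISTING)):
        print(f"hidden from Explorer/DIR but seen by scanner: {path}")
```

On a real machine the two listings would come from the scanner's log and from a plain `dir /a` of the same directory; a non-empty cross-view difference, combined with a matching process name, supports the post's conclusion that a kernel-level rootkit is filtering what the normal tools can see.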