after that i tried to update it several more times and my notebook's performance dropped drastically until it got unresponsive and i had to shut it down using the power button. yesterday i tried the mse definition update standalone installer, which failed as well - when running it the file extraction bar appears shortly and then nothing happens anymore. after that again the performance drops noticeably.
i looked at the event viewer and only noticed some I/O errors which made me fear that my HDD may have become damaged. i did some thorough HDD scans using chkdsk on all partitions and the windows memory diagnostic tool but no errors were detected.
then mse suddenly found some malware during the realtime protection - \\partition\\driver\info\explorer.exe - Worm:Win32/Pushbot
right after that i ran the following, of which ONLY THE MSE FULL SYSTEM SCAN itself found just one other copy of that, namely the same file in the same folder (\driver\info\) just on another partition! all the others found NOTHING!
i ran these (full system scan each time; including scanning system volume information on each partition; and system restore disabled), some of them several times:
windows malicious software removal tool
MS safety scanner
norton power eraser
norton bootable recovery tool (using a usb stick)
trendmicro housecall (online scan)
kaspersky free virus scan (online scanner is currently under construction)
bitdefender online scan
panda security online scan
symantec online scan
there are no suspicious processes/services running on my system and right now, except when i try to update the definitions for MSE, the system runs well. only when i run windows update and try to update the MSE definitions, or do the same within MSE or with the standalone installer, the performance drops heavily, and when i manage to open the taskbar and performance monitor i cannot identify anything visibly stressing the system (neither cpu, disk nor memory), and the cpu usage is between 5-20% only?!
i don't know how (if at all?!) i managed to get infected, as i didn't do anything risky recently, and until now MSE did a great job making any other antivir app redundant since i've started using windows 7 during its beta, which should be some 3 years ago now. my only suspicion may be something really stupid... i was playing prince of persia: forgotten sands 2 days ago before that happened, and since the game has quite a bad game saving system, one cannot load earlier checkpoints than the most recent one. since i wanted to get all the achievements and i missed one, i wanted to reload one checkpoint before the most recent one, which isn't possible due to that bad system. so i looked through the internet and found some savegame files and tried them out; they came packed into a zip file.. - maybe that's the source of this malware. [just for the record - i didn't continue playing using these downloaded saves, i reloaded my own one through the savegame sync with steam and uplay :D]
so what am i supposed to do now? any clues why all these scans didn't find anything? maybe i'm really clean now, but there's still some damage left from the malware.. the hosts file looks fine and sfc /scannow didn't find anything to fix. maybe something inside the registry.. i think the best idea would be to simply uninstall MSE, run a registry cleanup, and then reinstall it and try to update it again. i wouldn't wanna use combofix if it's not 100% sure it's necessary..
my system specs:
windows 7 ultimate 64bit
hp envy 17 3d notebook
ati mobility radeon 5850
8gb pc3-10700 ram
Edited by necrophyte, 01 September 2011 - 05:49 AM.