Posted 06 September 2011 - 10:26 AM
Guys- I hope someone can offer up some assistance here, we're beating our heads against a wall over this one.
We've got a client running Windows XP SP3, and all of a sudden he's getting a "Windows Security Alert" popup that talks about windows firewall blocking access to programs such as AV and malware scanners. If you select 'unblock' the programs will open and your scans will start up with no problem....then simply shut off.
This happens with:
Kaspersky virus removal tool
The browser is being subject to a hijacker too, so there's no searches to be done on this machine, from IE or Firefox.
I've searched the boards here for a solution, but the closest I can find is a report on "False Microsoft Security Essentials" or something along those lines that suggest running Rkill to eliminate nasty processes that stop these scanners from running.
Well, we tried that. RKill comes up with NO malicious processes.
Anyone ever seen this one before?
As a side note: We've seen this one once before and decided to do an external scan on it- hook the drive to a bridge and scan it with a healthy machine. It got rid of the infection alright, but it also screwed up something badly enough that there was an error message on startup IN GERMAN! And we weren't able to mount the drive back to a PC to back up data from it...we needed to use a Mac to see anything that was still on the drive.
We're at a loss here. If anyone's got anything we can try- aside from 'wipe the drive and start over' please let me know.