Well yesterday, upon surfing my usual sites, one of them happened to be hacked (by some hacker organization, Tiger something). I started having problems during the afternoon when my avast! Antivirus found 3 files that were infected with a trojan. I forget the name, but the 3 files were .dll files and were located in a folder called the SysWOW64 folder. Anyway, two of the files were successfully moved to the Chest, but the last one (which appeared to be the same file as the first one) failed to move to the Chest because it apparently did not exist anymore. So I just ignored that one and proceeded to do a boot scan like avast! suggested.
After the boot scan completed, I logged back on to Windows normally and everything seemed fine... except for the fact that I could no longer run a majority of my .exe files. I could still run Task Manager, Windows Explorer and Microsoft Security Essentials, but programs such as Mozilla Firefox, Google Chrome, avast! Antivirus, Malwarebytes, etc. all were unable to run. I looked in the Task Manager and what was usually 100 processes at startup had dwindled to about 60 processes. It definitely was not lag because my computer was not using any memory at all. At this point, I started to suspect either A. it is a rootkit virus and the trojan was just a mask or B. some of my essential files got deleted, preventing me from starting any .exe programs.
So far, I have concluded that it is most likely not the loss or corruption of file association with .exe programs because in regedit, the /exefile/shell/open/default "1%" * or something key is still intact AND because I still had rundll32.exe and dllhost.exe on my system.
However, at the same time, it appears unlikely that it is a virus as well. In Safe Mode (yes, .exes even failed to run in Safe Mode; I could only use Microsoft Security Essentials), I did a full scan with MSE and it found nothing. Subsequently, I went ahead and used Kaspersky Rescue Disk 10, which ran a scan and found nothing, and then I used BitDefender Rescue Disk, which ran a scan and found nothing.
So at that point I was fairly lost about what to do because I couldn't run anything in Safe Mode or in normal mode and anti-viruses failed to find anything. (In total, I've run avast!, MSE, Spybot-Search & Destroy, Kaspersky AND BitDefender.) So in desperation, I attempted to do a System Restore via the System Repair Tool. And it worked. I'm typing this on the problematic computer right now, and everything seems to run absolutely perfectly (save for a long load-up at start after the System Restore, but I suspect that's natural because the system is indexing files), which makes me suspect that maybe avast! deleted or corrupted one of my important files during the boot scan.
However, I am still not fully convinced that this is not just some very nasty rootkit virus. So if possible, I would very much appreciate it if someone could give me directions to help ensure my computer is not infected.
Thanks in advance.
Edited by Quiet Bagel, 26 September 2011 - 09:45 AM.