After searching for a program online, I was directed to a website that I just knew wasn't trustworthy. You've all seen them before: terrible graphics and layout, horrible grammar/sentence structure, etc. But I thought I'd give the guy the benefit of the doubt, since the program was "freeware" and, hey, what do you expect for free?
After downloading the program, I fired it up. I started getting this message, something to the effect of "Do you want the program taskmgr.exe (unknown publisher) to make changes to this computer?"
After clicking "no" about five hundred times, I became a bit frustrated and said, "Fine! Whatever!" and clicked "Yes."
Stupid, I know! And now I'm paying for it. This is, in twenty years of computer experience, the absolute worst infection I've ever had.
Microsoft Security Essentials (MSE) shows that I'm infected by Trojan.Win32/Sirefef.O, Sirefef.I, and Sirefef.J, TrojanDownloader:Java/OpenConnection.OS and Java/OpenConnection.OU, Exploit:Java/CVE-2010-0840.KI, Backdoor:Win32/Smadow.gen!B, and Virus:Win32/Patchload.O.
Of course, MSE continues to tell me that threats are being detected, and that a reboot is required. I've rebooted about two dozen times after it tries to either remove, quarantine, inoculate, or whatever, and it just keeps coming back. MSE is also reporting internal errors, the last one being 0x8007054f.
Task Manager shows a process running called "2430975358:2168593007.exe", Process ID 788 (though the PID varies depending upon reboot). I've tried deleting the file manually - no luck.
Malwarebytes will scan the hard drive and as soon as it comes to this process, the scan (and Malwarebytes itself) will immediately close. Scanning with Microsoft Safety Scanner produces the exact same result - it scans for a moment, and then completely shuts down.
Once this happens, any attempt to restart either program results in the error "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." I must re-install either program in order to use it again, which is useless at the moment.
I have tried renaming each of the .exe's (both the install and the program executable) to avoid detection by the malware, but it does not work.
I have tried using OTH and RKILL before running either program, but that has not worked either.
I have run ESET's online scanner, which found and quarantined three files but did not remove the offending malware.
I have done all of this with normal, selective, and safe startup.
The other symptom I'm having is redirects to such exotic locales as: signalsearchsystem.com, topusaprizes.com, beechwoodgrangestud.com, search-fast-results.com, guide2flashlights.com, etc.
My Google searches now yield "about 0 results" and display only about five results.
I think that's about all I can remember. Can someone please assist me with this? I've been fighting this infection for six hours, so if you can't offer technical assistance, maybe some Dr. Kevorkian style help will do?
Thank you in advance, for all the work you do around here, and for whatever you can do for me!
Edited by ultranothing, 27 October 2011 - 08:25 PM.