I seem to have infected my PC with some kind of malware, causing a bunch of symptoms. The main result that I can detect is that search engine results are being redirected to those irritating ad portal sites.
Here are the symptoms I'm aware of. I've noted which ones are gone or changed after running security software.
- Firefox crashed/was killed off while I was loading a bunch of pages in a window. I don't know what page caused the issue, and Firefox had no record of the window when I restarted it. Immediately after Firefox crashed, the other symptoms began. Since that crash, Firefox has not closed unexpectedly.
- Fake security software was auto-starting, and re-starting if I killed it off. I don't recall the name. Fixed by Symantec AV 2006 (see below).
- Windows Task Manager and other utilities getting killed off immediately after launch. No longer happening after fixing the previous symptom.
- Entire filesystem changed to have "hidden" and/or "system" attributes. I fixed this manually, so I'm sure loads of files now have the wrong attributes.
- When logging in, the error message "The ordinal 1109 could not be located in the dynamic link library WSOCK32.dll" would pop up twice, with Symantec Anti-Virus in the title bar. This is not occurring now, but Symantec AV doesn't seem to be working properly anymore. Specifically, the system tray icon doesn't show up.
- Google search result links redirect to various advertising sites. This is still happening. I'm not sure about other search engines.
- Long hangs (10-15 seconds) when I download a file and Microsoft Security Essentials checks it for viruses. This is not just Firefox hanging; all of Windows is unresponsive. Not sure if this is "normal," since I was not previously running Microsoft Security Essentials.
My PC is running Windows XP Pro 2002, with SP3.
To be clear about what I've tried, here are the tools that I have run so far:
- Symantec AntiVirus found and removed the executable that was running the fake security software I mentioned earlier. That file was "C:\Documents and Settings\All Users\Application Data\qoteqpeceyt.exe".
- Microsoft Security Essentials, which found and removed "Trojan:win32/FakeSysdef", contained in the file "C:\WINDOWS\Temp\P5tM1QBI6DSS92.exe.tmp".
- Malwarebytes Anti-Malware, which found and removed exactly the same file that Microsoft Security Essentials found, about an hour after I ran Microsoft Security Essentials.
- DDS.scr, a utility that the Malwarebytes forum recommends running as a first step in diagnosing malware issues. This utility states that it should run relatively quickly (10-20 minutes), but it did not complete or produce the log file that it is supposed to create. I ran DDS.scr overnight, and in the morning the PC had become unresponsive. I could move the mouse, but nothing responded to clicks. The keyboard seemed to be "running" (caps-lock and num-lock could be toggled), but Windows didn't respond to any keyboard shortcuts.
- GMER.exe, another diagnostic (maybe also repair?) utility. I don't recall how far this one got, but it also did not complete after running for several hours.
I think that's all I've got so far. Please ask for more info; I'm happy to run scans or give more details.