I first posted (7 Nov) this on the "Am I Infected Forum?" Am opening this post per instructions received from other forum.
I believe our desktop (Compaq Presario SR5350 w/Windows Vista) has a virus due to symptoms, but nothing has identifed itself. First hint was Microsoft Security Essentials showing as disabled upon bootup and not being able to restart the service. Uninstalled MSE and installed Avast with same result; shields disabled and can't be started. Ran Malwarebytes (MBAM), but it crashed after a few seconds. (MBAM ran to completion two weeks ago.)
Downloaded RKill from another computer and transferred via USB key. Ran RKill; it completed but showed no processes stopped. Tried running MBAM from Start Menu, but got error "Windows can't access the specified device, path, or file. You may not have appropriate permission to access the item." Was logged into the administrator account.
Uninstalled MBAM and reloaded it using file newly downloaded from another PC and transferred via CD. MBAM started, updated, but the window disappeared a few seconds after scan started. Tried to re-run by clicking on mbam.exe file in /program files/... folder but got the "windows can't access..." error. Copied the mbam.exe file from other PC to a CD. copied mbam.exe to infected PC's desktop and renamed it.
- Copied renamed file to MBAM program files folder and clicked on it to run it.
- MBAM started but then disappeared after 3-10 seconds (scanned a max of ~100 files).
- I went to MBAM program folder, clicked on the renamed executable: got same "windows can't access..." error.
- repeat about 7 times with different renamings of executable (e.g., changed both prefix & suffix).
- mostly tried running MBAM in normal mode but also tried running MBAM in safe mode; same failures. also ran RKILL sometimes prior to starting MBAM. No processes shown as stopped; no affect on MBAM failure.
Since first post on other forum, I downloaded and ran SuperAntiSpyware on the PC. Same results as with Malwarebytes. I could start the scan, but it shuts down and the window disappears after about 5-10 seconds. I then got the "windows can't access...." error message if I try to rerun it without creating a new renamed executable file.
Also did a google search and the results were redirected to some site selling software.
I don't know if this is significant, but I'm now intermittently getting a Windows alert that "2492611937.exe has stopped working". I've just ignored these.
Having been instructed to post to malware forum, I have disabled CD emulation, downloaded DDS and GMER to a clean computer and copied them over to infected one. Was able to run DDS; logs are attached. However, GMER shut down after a few seconds on the configuration screen while I was making the requested settings changes. Upon trying to run it again, I get the "Windows can't access.." error.
Appreciate any help you can provide. Had our other desktop crash with apparent hard disk failure this same weekend so would be nice to get one working. Regards.
Edited by 2wet2rain, 11 November 2011 - 12:51 PM.