Posted 05 January 2012 - 11:03 PM
Hello. I have recently been infected with the Vista Antivirus 2012 malware. I thought I killed it twice, but it came back two weeks later. I cleaned it a 3rd time, but I don't feel confident that it's really gone. Is there any reliable way to be sure?
Here's some background; it's lengthy, but I want to give as much info as I can:
I have a Dell computer running 64-bit Vista Home Premium (service pack 2). I was using Microsoft Security Essentials for a couple of years with no problem until a few weeks ago the rogue antivirus popped up on my screen. (It may be coincidence, but it happened while iTunes was doing a program update.) At first I thought Microsoft had repackaged MSE--the virus looks very authentic. MSE had been disabled and replaced with the virus. I was able to kill the process in task mgr, rebooted in safe mode, installed Malwarebytes Anti-Malware from a flash drive and did a scan. Internet Explorer was broken, so I scanned with out-dated definitions. MBAM still found and quarantined several files. Just as a precaution, I also ran a scan with a free version of Emsisoft Anti-Malware that I had installed once some time ago. Emsisoft found and removed another file. I couldn't get any browsers or MSE to work, so I used system restore to roll back a few days. Everything seemed to be working again, and I re-activated MSE and ran a full scan, which found nothing. Just for the heck of it I ran the Emsisoft and MBAM scans again, all finding nothing, so I thought I was home free.
About two weeks later, the same thing happened. This time I couldn't kill the process long enough to run any scans, so I system restored back one day. I actually had problems doing the system restore even in safe mode, so I booted in Repair mode and did a system restore from Repair mode. I scanned and cleaned with MBAM, MSE and Emsisoft. Emsisoft found a few infections--the others found no threats. Most of the infected files were found in the Java\Deployment\Cache folder, so I turned off the Java auto-updater. Just to be sure, I downloaded and ran SuperAntiSpyware, which found a few cookies but nothing serious. I rebooted and ran scans from all engines again, all coming up clean.
Later that same day, the malware popped up again. I repeated the same process to restore back two days again and did another bunch of scans until they all reported no threats. The next day I found removal instructions from this website, disabled system restore, and went through the entire procedure from RKill & TDSSKiller thru MBAM. TDSSKiller identified a "suspicious" sptd.sys, but there was no "cure" option, so I skipped it. Otherwise, none of the scans found anything. As a precaution, I performed an online scan with Trend Micro HouseCall, which only found a few low-risk cookies. Because MBAM seems to hang my PC in normal mode, I did most of the scanning in safe mode. I un-installed MSE and downloaded it from Microsoft, but I have not re-installed it yet. I did re-enable system restore, but all the restore points are from after my last battery of clean scans. For now I have Emsisoft running with full-time Guard. I have rebooted a few times and run repeated scans with MBAM (safe mode) and Emsisoft (normal mode), always showing no threats. I also ran TDSSKiller again in normal mode and found the same suspicious file. I have since also un-installed Java. I plan to re-install it from their website. Meanwhile, I am afraid to allow any program updates except the virus scanners. Maybe I'm just paranoid.
If this virus hadn't already come back twice, I would not be concerned. I just don't know if I missed something or if there is a hole in my security. It got thru once. I often work from home through a VPN/remote desktop connection, but I am afraid to do it now. I don't want to bring down my whole office.
Does anyone have any suggestions other than wait and see? I would appreciate any advice.
Thank you in advance.