Posted 26 February 2012 - 10:43 AM
I noticed that my computer is running kinda slow lately. It tends to freeze sometimes, but will continue running after about 20 seconds. When I scan though, the scanners always seem to get blocked (this applies to Malwarebytes and SUPERAntiSpyware, not Avast!). Whenever I scan with MBAM or SAS, the scan grinds to a halt after a while, and I'm forced to cancel the scan (usually through manually killing the process, as it usually crashes and won't respond). Avast scan doesn't get blocked, but finds no threats.
I tried something that a friend told me a while ago. I ran TDSSKiller, and it found nothing. Then I ran Rkill, and that's when I noticed something. There's a file/folder in my AppData directory called RarSFX0. When I ran Rkill, a command prompt screen popped up, with that RarSFX0 directory as title, looking as if it were running iexplore.exe. Simultaneously, my Avast! AutoSandbox gave me multiple pop-ups, each one saying that it had terminated a program that was running from that RarSFX0 folder. Names included iexplore.exe and iexplore.com. It had blocked my Rkill too, but I told Avast to let Rkill run normally. I disabled the AutoSandbox for a minute to let Rkill run, then re-enabled it. Rkill terminated 2 Akamai NetSession processes and Avast!, along with one other process, but I can't find the Rkill log anymore. I googled RarSFX0. Apparently it's a temporary file/directory that appears when using WinRAR. I removed WinRAR over a year ago though, so malware seems like the only possibility.
Any advice on how to remove this infection?
System: HP Pavilion dv7 Notebook
OS: Windows Vista Home Premium 32-bit