It all started 2 days ago, when I got hit with the S.M.A.R.T. HDD problem. I had a 2nd computer nearby and watched the YouTube video I found from the forum creator (I think). Regardless, my computer (Vista 32 bit) hung on reboot in an attempt to get to safe mode. Nothing worked, except F11 which took me to a system restore. There was a restore point from a Windows update earlier that day, so I did that. A short time later, Windows reloaded. The SMART HDD Problem appeared to be gone.
Initially, once I rebooted, Microsoft Security Essentials caught TROJAN:DOS/Alureon.E. All it said was suspended. I did try to remove it, but the Apply actions button was not an option. I dove deeper into searching for a solution.
I downloaded TDSSKiller, it did not find it. Only a file called smtp or something that was medium risk.
I tried Malwarebytes. It found a couple of trojans and spyware, none being Alureon.E, and removed them. I ran HitmanPro, nothing. I tried aswMBR, it found a couple of things, and then wanted to do a deeper scan with new virus definitions.
I ran Comodo Killswitch last and found no suspicious activity.
Obviously, I forget the steps I took. Here are the current problems.
Security Essentials still sees this Alureon.E @ start up and claims to Suspend it.
Some folders on my desktop are now a slightly different (shaded) colour. There were 3 docx files on my desktop that were never there (I deleted them). There were 2 desktop.ini files on my desktop that were never there before, I deleted them.
I tried some of the manual steps from here http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller.
None of the 4 files were found in the registry.
The last and most interesting thing is that when I went to manually delete files in c:/documents and settings, that folder too was a different colour than the rest, I was denied access, and the most interesting part was that the system date was older than the computer, i.e., 2006 when the laptop was bought in 2008. Further inspection found that several other folders in users/ folder had the same characteristics. Denied access, and older system dates.
Am I screwed? I have a 'functional' computer. I am using it to post this. However, I am paranoid that it is being hijacked at any minute.
I do occasional system backups, the last one being 2-3 months ago.
ANY help would be appreciated.
PS: I just noted that in IE 9 all of my favorites / bookmarks are gone. Nothing there.
I did run CCleaner last night and cleared my cache, and all the other stuff it does, along with cleaning the registry. I have used that tool for years without problem.
Edit: Moved topic from Vista to the more appropriate forum. ~ Animal
Thanks, I just realized that too!
Edited by jkovats, 09 April 2012 - 01:01 PM.