Oh, my first post. My Name is Todd. Been doing computer consulting for the past 18 years. Am fluent in Windows, especially Linux (wish I had more Linux customers), and sometimes Apple. I have a bachleors degree in electrical engineering. If you have a broken computer and want to pay me to fix it, I figure it out in a hurry. (I fixed probably the last DOS computer in the county in December.)
I have a customer with XP Pro SP3. When I went to install Kaspersky Endpoint Security (kes10win_10.1.0.867en.exe), I got three prompts telling me c:\windows\system32\grpconv.exe was locked. So I uploaded grpconv to virustotal and got told nothing was wrong with it. I was able to click past the prompts.
Unlocker said grpconf was locked to explorer.exe
Suspecious, I ran GMER root kit revealer from http://www.gmer.net. Found nothing. Not satisfied, I ran combo fix. Got to the "it takes 10 minutes..." message and then nothing. So I left it run overnight. ComboFix never started counting. And, in the morning, the machine was frozen.
Her machine is running slow and weird too. I am so suspecious.
I found this on the web: http://www.securitystronghold.com/gates/grpconv.html
But I smell a rat.
What would you do next?
Is there a way to run Combo Fix from a PE disk? (Virus would be off.)
I would run Kaspersky's Rescue Disk, but as I sell Kaspersky, I have learned that if the Windows product doesn't catch it, neither will the rescue disk, as they both use the same scanner and defination files.
Edited by ToddAndMargo, 08 June 2013 - 11:49 PM.