I consider myself an avid PC user... I have been known to be ruthless in destroying my spyware, sometimes printing out documents that say the name of the virus and ripping them up (just kidding!). Anyway, I can't seem to get a handle on this one.
First, some notes on my defense systems:
* I have the full version of Spyware Version
* Home version of Adaware-SE
* Spybot Search and Destroy
* McAfee Virus Scan
* McAfee Personal Firewall
* Registry Mechanic, full version
* Windows Defender
And some notes on my computer:
* Dell 4550
* State-of-the-art when bought
* 2.5 GHz, 1 GB RAM, you get the picture
* Has been virus and spyware free for 2.5 years
So, this is the first one that's got through. The first symptoms were tons of pop-ups. I ran Lavasoft Adaware and found 49, and removed all but two. They said they would remove it upon restart. Upon restart, Windows Defender notified me that I had several 'critical' pieces of spyware on my computer. I ran spydoctor and found some more, and removed them. Then McAfee said 'We have found a suspect file on your computer, we recommend a scan now'. Before resorting to the 45-minute virus scan, I decided to run Spybot. It found some bad ones too, like disabling of Windows Update, Windows Firewall, etc. I did some research on the one that disables Windows Update. I read this report and I thought 'ok, it's fine'. But then, when I restarted my computer, Windows Update was disabled. I enabled it. Restarted, it was disabled again. I ran Spybot again, and it detected the same group of spyware, including Netmon and Look2Me. I removed them, then ran McAfee, found 13 viruses, killed them, then restarted my computer. This cycle repeated for the last few days, with some of the same viruses and some new ones too. Eventually, I tried to system restore to May 19, and it failed. Then I tried May 16, and that failed too. Obviously this has gotten deep into my system. I was hoping someone could offer some suggestions to me.
Also of note, McAfee Virus Scan is disabled, and I can't reenable it. It is enabled after I restart for about 10 seconds, then some process starts, and it's disabled, along with Windows Security Center.
I am now on my laptop, because my desktop (infected) is on lockdown. I got an error message on my desktop that said:
"C:/msdosmgr.exe the NTVDM CPU has encountered an illegal construction. CS 0544 IP: 0124 OP:6374 28 29 3a"
I traced the file, and found four newly added files to my C drive:
I know lsass and svchost are system processes, but they shouldn't be in that folder, so I deleted them all.
As said, I have locked down my computer so nothing else can get in or out. Another symptom I was having (pre-lockdown) was bad net connection. I have confirmed that my internet is fine using my other computer.
The saga continues...
Topic with my HijackThis log:
Edited by htdefiant, 31 May 2006 - 05:30 PM.