Hello all
I can normally fix these sorts of problems using info already available on the net, but this time I’m completely at a loss. I am getting repeat infections that Avast seems to pick up on, but not before it gets a chance to do nasty things. There’s something malicious going on without doubt.
My system: Ageing but normally very reliable Win2k SP4, Avast, Kerio firewall, Spybot, Brother scanner/printer, IIS5.0, MySQL, Thomson USB modem (Tiscali)
What’s happening: various things. There are seemingly no problems when I’m not online, but when I connect it can take hours or just seconds before Avast will inform me of an infection in a file, normally in the system32 folder, so I move it to the chest. Sometimes before this, sometimes after, svchost.exe will crash with a ‘memory at 0xffffffff could not be “read”’ error, then the PC is unusable till a reboot, as drag and drop and cut and paste stop working, and I cannot disconnect the modem without pulling the plug out. Sometimes other things happen too: the MySQL service will be set to ‘disabled’ without me knowing, and whenever I launch an app, Windows Installer will pop up saying it has to “configure Office 2003”. If I cancel this window, it will respond by saying MAPI32.DLL is missing or corrupted and I should reinstall Office.
What I’ve done so far: I searched the HD for rogue files, and deleted some suspiciously named and dated DLLs, the most difficult being tuvvtrr.dll, which would only delete in safe mode cmd prompt. I ran Vundofix and it removed some files from system32: gftjol.exe, nfenka.exe, wapa.exe, wfzc.exe. I checked IIS was locked down okay so ran IISLockdown (twice - off then on again) and some DLLs had given themselves file permissions. OSE.EXE, gmer.exe, aof.exe also deleted. I checked JRE was up to date and reinstalled it.
I’ve run HijackThis, deleted some entries and now cannot find anything wrong in there, apart from “O23 Service:MySql… …c:/program.exe” which I have removed once but is now back again.
I’ve attached my HijackThis log. I’m out of ideas now. It’s like the firewall and antivirus software aren’t even there. I can’t stay offline all the time and I’ve some important stuff to finish for a deadline; this is driving me up the proverbial wall. There’s a huge hole in my defences but it’s so big I cannot find it. Up until the 22nd I have NEVER had so serious a problem as this. I guess I could re-install from scratch but cannot afford the downtime.
Any ideas, anyone?
J