Last week my computer was infected with the XP Antimalware 2010.
The computer is running Windows XP Service Pack 3, version 2002.
I have run Avast, Malwarebytes Anti-Malware, and SpyBot S&D to remove malware and viruses. I just ran the Avast boot-time scan again and it found one infected file in the Windows folder. I placed that in the chest.
I am still having issues with Firefox opening new tabs with random websites, and Avast pops up and says it's a Trojan URL.
I have no idea how this rogue proceeds, nor do I know how much of it you have already removed. The only tip I can give, though it's probably not enough to solve your problem: check if any extension got installed silently in Firefox.
Thank you for the help so far. I have done all the things suggested so far and I am still having issues with Firefox loading websites and redirecting to different sites from Google searches.
Okay, you should uninstall FF and delete your profile (first make a backup of your bookmarks and password database, if you use it) and then reinstall. Again: it is important that you delete your profile for Firefox completely. If you use the default configuration, it's located in \documents and settings\your user name\application data\Mozilla\Firefox (for XP).
I suggest you use Hitman Pro (cloud-based malware scanner) for TDL3/TDSS removal. Hitman Pro will replace the patched atapi.sys with the original file. If it doesn't work, we'll try ComboFix.
Close or disable all running antivirus, antispyware, and firewall programs, as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue. If you are using Windows Vista and receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
Read the Disclaimer of Warranty and click Yes to continue.
ComboFix will detect if the Windows Recovery Console is not installed. Click Yes to install. Once the Recovery Console is installed, click Yes to continue.
Once ComboFix has finished scanning, the CFix log will be saved onto your desktop. Please attach it in your next post or post the log in separate posts.
I ran ComboFix and it rebooted the computer. It had an error starting Windows, so I had to set it to run the last Windows configuration that worked properly. ComboFix did not create a log that I can attach.