Got a pop-up from Personal Internet Security (not a program I’ve ever installed) saying “system infected, run a scan”–program window then comes up and starts looking like it’s running a scan. Avast disappears from the task bar and I can’t start it or any other programs–it’s completely taken over the computer (presumably until I click something in it and buy the program that “fixes” it). Only thing I could do was shut down or restart. Restarted, same thing happened almost immediately. Restarted again, immediately ran Task Manager, saw a process I’d never seen before, and ended it in Task Manager. The rogue program didn’t start. I ran a full system scan with Avast, then a full boot time scan. Found and removed some threats but when Windows started up again (in safe mode), almost immediately the pop-ups and rogue program started and took over the computer. I restarted again, immediately started Task Manager, hit Print Screen and then End Process as soon as the mystery process started. Again, the rogue program seemed to be disabled. I then got the name of the process from the Print Screen image, did a search, and deleted it from a couple of places. Seems to have fixed the problem. But this is a real pain–I also sent a ticket to Avast Support so they can add protection against this. Details:
The rogue process name in Task Manager was eI01300MhApJ01300.exe.
It was in WINDOWS\prefetch (with the prefetch extension appended)
and Documents and Settings\All Users\Application Data\eI01300MhApJ01300.exe