My computer was hit with a whole suite of nasty malware a couple of days ago; the ones I actually know the names of are XP Antispyware 2009, AP Manager, and the Win32:Alureon trojan. I managed to get my computer back to a functional state by running a number of antimalware and antivirus programs as detailed below, but I’m still seeing red flags that my system’s not clean:
+Avast’s shields are disabled upon startup.
+Avast lists “winstart.bat” as being offline and can’t scan it. RKDetector lists this file as showing up at the same time the malware did.
+GMER has flagged some reg entries as suspicious; I’m not good at reading these, but I think RootkitRevealer has flagged the same entries. (In addition to a whole bunch of other stuff.)
Detailed Malware History:
- XP Antispyware 2009 downloaded and immediately disabled Task Manager, Control Panel, and Malaware. I rebooted into safe mode and logged in as admin.
- Re-installed Malaware from a flash drive; attempted installs of Avast and SuperAntiSpyware were blocked. Ran Malaware and removed some files.
- Was still unable to install most antivirus software; Hitman Pro did go through and deleted a very long list of rootkit files, trojans, and malware.
- Checked my normal user account; “copyright infringement” pop-ups started immediately upon Windows opening. Rebooted back into safe mode.
- Downloaded ComboFix and ran it. It killed AP Manager and restored admin functions to my normal user account. (I’ve since uninstalled it. No damage was done to my computer, but after reading the warnings more closely I realized I really should have taken them more seriously.)
- Installed Avast, which removed the Win32:Alureon trojan. Since then I’ve been trying different programs to figure out the above problems; not successful, obviously.
I haven’t posted OTL and HJK logs due to their size. I’m pretty sure the logs are not supposed to be as long as these are. Even HJK’s log won’t fit into one post, and it’s not nearly as long as OTL’s. I’m not sure what to do now. =\