Hello - can you help me understand if I have a serious rootkit infection or something that’s been cleaned up?
I was simply reading a blog (Firefox 2 on Windows 2000) and got an avast warning that W32 Rootkit-gen was found in iehelper.dll.
At the same time, a new taskbar tray icon was “warning” me about all kinds of supposed viruses on my system and suggesting I buy Antispyware 2009 (which is, it seems, actually spyware or adware itself).
My Kerio firewall kept notifying me of outbound connection requests from an unknown program, which I refused to allow.
I was given many warnings by avast; I tried moving it to the vault, and tried deleting it. Avast claimed success, but never actually did anything. I was unable to manually delete iehelper.dll - the folder window froze.
I got a copy of Malwarebytes' Anti-Malware and it was able to remove iehelper.dll, sysguard.exe, and some registry keys. However, I could not accomplish this until I was able to get the installation program onto my machine saved under a different name. The malware seemed to recognize the anti-malware and again froze the folder window, preventing me from installing the program until I managed to bypass its defense. Clearly this seemed to be monitoring file system activity and protecting itself.
Since that removal, my system seems to be working normally, and Avast is the only program that labeled this infection as a rootkit.
But since you’ve called it a rootkit, I wonder if I was able to remove all of it, or only some superficial pieces, and if under the covers it is still causing mischief like monitoring keystrokes, looking for passwords, etc.
Is it possible Avast is mistaken and this infection was not actually a rootkit?
If it was a rootkit, it doesn’t seem that removing 2 files would eliminate the problem.
So there are multiple questions:
What was this infection?
Why couldn’t Avast clean it up at all?
What is my likely present situation? Is there a way to tell whether my system has been compromised in a serious way, or if this was just a hard-to-delete file trying to trick me into buying some spyware?
I look forward to your advice. Let me know if you need any logs. Thank you very much.