Alright, now, after I run CWShredder, the damn thing keeps coming back. Resilient son of a gun ain’t it? This is what CWShredder found on my system:
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar
Infected data: res://C:\WINDOWS\System32\lnk.dll/sp.html (obfuscated)
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page
Infected data: res://C:\WINDOWS\System32\lnk.dll/sp.html (obfuscated)
Infected Registry value:
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar
Infected data: res://C:\WINDOWS\System32\lnk.dll/sp.html (obfuscated)
Infected Registry value:
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page
Infected data: res://C:\WINDOWS\System32\lnk.dll/sp.html (obfuscated)
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant
Infected data: res://C:\WINDOWS\System32\lnk.dll/sp.html (obfuscated)
Infected Registry value:
HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant,http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Infected data: res://C:\WINDOWS\System32\lnk.dll/sp.html (obfuscated)
Found Hosts file: C:\WINDOWS\system32\drivers\etc\hosts (26759 bytes, R)
Shell Registry value: HKLM..\WinLogon [Shell] Explorer.exe
UserInit Registry value: HKLM..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe,
Registry value: DefaultPrefix (should be http://) http://
Registry value: WWW Prefix (should be http://) [www] http://
Registry value: Mosaic Prefix (should be http://) [mosaic] http://
Registry value: Home Prefix (should be http://) [home] http://
Found Win.ini file: C:\WINDOWS\win.ini (682 bytes, A)
Found System.ini file: C:\WINDOWS\system.ini (231 bytes, A)
- END OF REPORT -
Now, after I fix this, the thing comes back EVERY TIME at the EXACT SAME HOUR. So now what do I do?