My daughter’s laptop (WinXP Media Center edition, SP3; 1.6 GHz, 1 GB RAM, 105 GB HDD; PC-Cillin Internet Security*, SUPER AntiSpyware, Spyware Blaster, CCleaner) started malfunctioning yesterday. A toolbar she didn’t recognize had appeared in IE, and any attempt to visit her usual websites was redirected. Her computer also kept freezing at apparently random times, and Task Manager did not work. Her first thought was virus or spyware, so she tried to run scans with PC-Cillin and SAS, but PC-Cillin wouldn’t scan and SAS wouldn’t even open. She also had a red circle with a big “X” in her system tray, with an info balloon that said Windows had detected spyware, click here to download antispyware, etc. She also gets a dialog box titled “sh.loader” with the message “failed to extract dump” every time MySpace IM attempts to launch, which is every time the computer starts up–she says it never did that before.
I was unable to scan with SAS even in safe mode, but I managed to install and scan with a recent copy of MBAM (in safe mode), which I had on a USB stick. It found and removed a trojan downloader and a few lesser threats. The fake antispyware download request was still there when I returned to normal mode, and SAS still would not open. I then installed Spyware Terminator (in safe mode–it wouldn’t install in normal mode), scanned in safe mode, and was able to remove KGBkeylogger. The scan log noted that only parts of the keylogger were there and it had possibly been partially removed. SAS will now scan, and removed a few more things. The fake antispyware “balloon” with its red x’ed circle no longer appears, but the sh.loader dialog box still appears. (I rebooted between scans.)
A friend suggested running RogueRemover (which found nothing) and VundoFix (which also found nothing).
The computer works almost normally now, but still freezes occasionally, security programs (except Spyware Terminator) are unable to access the internet to update, and attempts to visit security-related websites result in “Internet Explorer cannot display the webpage;” also, attempts to visit other websites are redirected, usually to fake antispyware pages.
I apologize for the length of this post, but I will be going to work for a few hours and wanted to include everything. Her HJT log is attached.
Thanks in advance for any helpful replies.
P.S. I have downloaded avast! install and update files, and looked up PC-Cillin removal instructions in preparation for a much-needed change. My daughter’s father had purchased a 2-year subscription nearly two years ago when he gave her the laptop as a gift, and she didn’t want to switch to avast! until the subscription ran out. She will be switching ASAP.