God that was Pain In The Ass! Virus removal story - AKA "Why most AV programs suck"!

Short version of a long story. Daughter’s geeking around where she shouldn’t have leads to a virus infection on her notebook. Tell her to give it to me, I figure I’ll throw an AV package at it and then we’ll be done.

Symptoms: System performance at a crawl. Web pages get randomly hijacked. Something is banging this system hard. Regedit won’t work and ALT+CTRL+DEL will not call up the task manager. First run with AVG AV and it identifies a bunch of backdoor Trojans and one that shuts down regedit. Also use AVG spyware scanner. It detects tons of spyware exploits but as soon as they are removed, they return at next bootup.

AVG scans and says it’s removed these Trojans, but it keeps returning. I use the Hijack Plus tool to remove this trojan/virus and regedit functionality returns. System performance is still crawling and page hijacks still occurring.

Check with Fsecure Blacklight rootkit scanner for a rootkit virus. No indication of one.

Read more Virus Scanner reviews. Download and run propellerhead favorite NOD32 AV. NOD32 finds more backdoor Trojans, and claims removal, but problems always return upon bootup. I remove a bunch of programs, helper apps and IM related stuff that “might” be the source of the infection. Daughter is going to be pissed.

Do more web review reading and download Kaspersky AV. SLLOOWW scanner but identifies system as being covered up by “Virtumonde” virus. Claims removal, but virus comes back on reboot.

Do web research on “Virtumonde”. Apparently a real bitch of a virus. Symantec claims stand alone removal tool. Run it and it claims not to see any evidence of the virus on my system. Finally see this link and see that the virus is actively hiding from Hijack This. I re-run HJT with the name modification (i.e. rename HJT to “scanner.exe”) and see the virus is holding fast. I download the removal applet and follow instructions, and it appears I’ve finally gotten rid of it, and system response is back to normal.

This was the core of the pustule that kept pumping out all the other hijacking Trojans that were covering up the system.

God! I’ve wasted 2 working days of time on this POS! Why can’t any AV programs get rid of crap like this from the get go?

They do from the get-go. It’s only later when the virus writers start playing with things that there are problems, and since antivirus is always reactive, the virus writers are going to be ahead of the curve.