So, somehow, my system finally got infected. I’ve done very little on my box at home recently, which narrows it down to a few very limited possible causes.
- Couldn’t access my own blog from my home machine, nor google;
- Pop-up windows warning me my computer wasn’t secure (“Win Antivirus Pro” infection);
- Opening/Closing control panel very slow and produces pop-ups (“Trojan/IHook” infection);
- Trying to run the Microsoft Malicious Software Removal Tool … fails (something actually kills the app);
- Unable to install or run Windows Live One Care (task manager shows “winlogon.exe” taking up 12% CPU; when I finally kill winlogon.exe, Windows Live One Care seems to advance but still fails);
- Lots of rundll32.exe’s that weren’t there before, one of which continually restarts when killed;
- Several new svchost.exe’s;
- “GoogleUpdate” which won’t uninstall from control panel or otherwise go away aside from removing the folder;
- Nod32 quarantined a whole bunch of trojan files but seemed to miss the main infections;
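A process-triage script a defender might run when faced with the symptoms listed above (extra rundll32.exe and svchost.exe instances, a busy winlogon.exe), added here as an example and not taken from the original post. It assumes a PowerShell with the CIM cmdlets run from an elevated prompt; the expected-path and parent-process rules it applies are my own assumptions about normal Windows behaviour, not facts from the post.

```powershell
# Added triage script (not from the original post). Lists running rundll32.exe,
# svchost.exe and winlogon.exe instances with parent process, image path and
# command line, and flags any that do not match the expected baseline.
# Assumes PowerShell with CIM cmdlets, run from an elevated prompt.

$watch    = @('rundll32.exe', 'svchost.exe', 'winlogon.exe')
$system32 = Join-Path $env:windir 'System32'

# Snapshot every process once so parents can be resolved by PID.
$all   = Get-CimInstance Win32_Process
$byPid = @{}
foreach ($proc in $all) { $byPid[$proc.ProcessId] = $proc }

$report = foreach ($p in ($all | Where-Object { $watch -contains $_.Name })) {
    $parent     = $byPid[$p.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }
    $path       = $p.ExecutablePath
    $flags      = @()

    # Baseline assumption: all three binaries live in %windir%\System32.
    if (-not $path) {
        $flags += 'no image path (access denied or unusual process)'
    } elseif (-not $path.StartsWith($system32, [System.StringComparison]::OrdinalIgnoreCase)) {
        $flags += "image outside $system32"
    }

    # Baseline assumption: legitimate svchost.exe instances are children of services.exe.
    if ($p.Name -eq 'svchost.exe' -and $parentName -ne 'services.exe') {
        $flags += "parent is $parentName, expected services.exe"
    }

    # rundll32.exe with no DLL argument, or a DLL under a user-writable folder,
    # is worth a second look (heuristic, not proof of infection).
    if ($p.Name -eq 'rundll32.exe') {
        $cmd = [string]$p.CommandLine
        if ($cmd -notmatch '\.dll' -or $cmd -match '\\(Temp|AppData|Users)\\') {
            $flags += "command line: $cmd"
        }
    }

    [pscustomobject]@{
        PID    = $p.ProcessId
        Name   = $p.Name
        Parent = $parentName
        Path   = $path
        Flags  = ($flags -join '; ')
    }
}

$report | Sort-Object Name, PID | Format-Table -AutoSize
```

Rows with an empty Flags column match the baseline; flagged rows are candidates to examine (and to compare against the quarantine log) before anything is killed.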
I still have a Norton license, so I installed and scanned with that … Didn’t even discover the files Nod had quarantined. I tried the AVG free trial, it discovered one of the quarantined files.
Ok – so Windows Live One Care? Oh, the infection doesn’t like that, it won’t even download.
I managed to get the Microsoft malware removal app downloaded but it didn’t seem to do anything. When I tried it again while my system was busy I saw a little “Extracting Window” appear. When I tried without anything else happening, the window didn’t open. When I tried again and the system was really busy (virus scan AND disk defrag) it actually managed to display a “Welcome” window (you know, the first screen of an application which tells you what the application is etc.) which then disappeared. The infection is killing the malware removal tool.
I rebooted the box and went into Safe Mode with Command Prompt, went to where I had saved the malware tool and ran it by hand. Voila! 6 infected files found, “Trojan/IHook”.
Rebooted, launched control panel and it still felt sluggish. Closed control panel and … pop-up window. Repeated the trip to Safe Mode, 6 infected files again. Rebooted to Safe Mode again, re-tested, no files.
Apparently, my Control Panel is infected. So, back into Windows, kill all the services and exes I think I can get away with, and download Live One Care. Reboot, launch Live One Care … Fail. As soon as it starts up, “winlogon.exe” starts using 12% CPU. I kill that and I get a new window from Live One Care but it still fails :(
Then I remembered I have a Vista partition which I booted into. Ahh, yes, Vista is pretty, but it’s like walking around a submarine, I seem to keep banging my head on bulkhead doors, and I have to absolutely wrestle with Live One Care before I finally figure out it’s failing because I was on a 90 day trial that just expired.
I’ve been updating Live One Care for 2 hours now… It’s installed a bunch of updates one-at-a-time most of which require a reboot before it can proceed. Ugh.
It did, at one point, go long enough between updates to allow me to do a scan – it found an infection but before I could “OK” it to remove it, there was another update and it restarted itself, taking the window with it.
Also, in its scan report, it found one file with an infection. It tells me “user action required”. I clicked on the link, hoping to find out what user action was required, and it tells me:
“User Action Required.
“Infected files were discovered. User action is required.”