It seems I've contracted some ick-nasty buggers, and I need to discover a solution to get rid of them.
Here's the synopsis:
First of all, I'm using Windows Vista. Yesterday, I got a virus. While I was still using the computer, I got strange pop-ups related to the virus that imitated the Security Center, and through a little research, it looks like this is the work of "Windows Antivirus Pro". I restarted my computer, and once it passed the user name chooser screen and the Welcome screen, it went blank, except the mouse pointer. I tried to open the task manager to see if explorer.exe didn't load up. Task manager opened, explorer.exe was fine. I didn't see anything that looked like it would be related to Windows Antivirus Pro, though. I removed some of the other viruses (one being a Rootkit, which I'm still having difficulty removing) and now I'm able to go onto my main screen instead of safe mode. My computer is still going significantly slower, and there's evidence that something is still on here.
I've installed the following: RootRepeal, MBAM, SuperAntiSpyware, Spybot Search & Destroy, Antivir, and a few others I can't quite remember at the moment.
Fast forward to today. I ran SUPERAntiSpyware maybe 7-8 times now, and the one that continuously appears is called "Rootkit.Cloaked / Service.GEN". I checked the log files to ensure that SAS wasn't just skipping over it, but it appears that one of the two files under the Rootkit name is being found on different files each time. The other file seems to be the same each time. I won't post the whole log, but here are the two files I'm talking about:
SAS Log:
Rootkit.Cloaked/Service-GEN
HKLM\system\controlset001\services\kbiwkmiooqidow (This is the one that keeps reappearing)
C:\WINDOWS\SYSTEM32\DRIVERS\KBIWKMBDDVREQR.SYS (This is the one that keeps being found under a different file name. The source is the same, and so far all of the files have started with a 'K'.)
While using all of the Spyware programs I downloaded, it also came across several other trojans, but it seems that they've been removed for the most part. I can now at least start my computer normally instead of having to go on safe mode each time, so some progress is being made. But my computer is still noticeably slower, and I still cannot search anything related to virus removal or system restore without being redirected. If it helps, each time the redirected page is different, but the icon by the search bar is always a blue, somewhat cursive "2" looking symbol. For some reason I can now search some sites that I couldn't before, but from time to time I get redirected again.
I'm currently conducting a RootRepeal scan to see if the issue can be diagnosed correctly.
So, I ran another Spyware remove program (SpyHunter 3), and it came up with some additional icky buggers.
- Windows Antivirus Pro.lnk (Rogue.Windows Antivirus Pro) (2)
- Some cookies
- Some registry keys (I think; they're labeled as "Hotbar"): InprocServer32 (2), ProgID (2)
These are the major files detailed below:
"Hotbar" Files
-HKCR\CLSID\{620D55B0-F2FB=464E-A278-B4308DB1DB2B}
---HKCR\CLSID\{620D55B0-F2FB=464E-A278-B4308DB1DB2B}\ProgID
---HKCR\CLSID\{620D55B0-F2FB=464E-A278-B4308DB1DB2B}\InprocSever32
-HKLM\SOFTWARE\Classes\CLSID\{620D55B0-F2FB=464E-A278-B4308DB1DB2B}
---HKLM\SOFTWARE\Classes\CLSID\{620D55B0-F2FB=464E-A278-B4308DB1DB2B}\ProgID
---HKLM\SOFTWARE\Classes\CLSID\{620D55B0-F2FB=464E-A278-B4308DB1DB2B}\InprocServer32
Windows Antivirus Pro
C:\Windows\System32\config\systemprofile\Desktop\Windows Antivirus Pro.lnk
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Star Menu\Programs\Windows Antivirus Pro\Windows Antivirus Pro.lnk
Unfortunately, the program will only let me see these files, not delete them. I'm wondering if it would cause harm if I deleted them by hand.
I have a log for RootRepeal with further details. If you'd like to see it (because the post will become too long if I post it), please ask me.
Thanks for the help, guys!