infected XP PC - can't get to security sites or run security tools



Hi - I am looking for help to clean my infected XP system. I am actually on a
different computer now as my infected system (desktop - wireless) can't
access security sites.

The problem started Dec 2nd, 2008. I'm running XP SP 3. The system was set
up to autodownload MS updates once per day, and AV every three hours. Somehow
it got infected with a nasty malware program - I'm guessing via human
interaction of a family member clicking something they shouldn't have. The
system has TrendMicro Internet Security 2008 running on it and had it running
at the time of infection too. I've spent about 10 hours trying to clean it so
far with little luck. I'd appreciate any help anyone can provide.

Symptoms:
-Running a little slow, to very slow at times, especially when downloading
files. Not consistent though.

-Originally it wouldn't boot past the loading windows screen, but that has
stopped now

-TrendMicro found GetModule, Adload, and Generic12.KAO but couldn't clean
them. Adload and Generic aren't found anymore, and I cleaned GetModule via
instructions on the TrendMicro site.

-I cannot surf to any security sites (including this one) nor can I get to
windowsupdate, but I can surf to msn, yahoo, etc

-Tried loading AVGFree AV by downloading it to my clean laptop, burning it
to CD, and then transferring it to the desktop, but it runs with errors and
ends up doing nothing.

-Also transferred over mbam-setup, HJTInstall, spybot, but they won't run. I
click on them, get the waiting cursor for a short moment, then nothing.

-Found dihjmevt and hsfxpeqgkaukg in the startup, I've since disabled them
from starting and deleted their dlls and registry entries

-/etc/hosts file is normal

-Finally opened a chat session with TrendMicro, but they couldn't help
(session ID: 584407 if interested)

-TrendMicro had me turn off my system restore, and now I can't restore to a
previous date as none exist anymore

-Tried gmer (www.gmer.net) but it also wouldn't execute

-Checked (known to me) registry keys for disabling my ability to run
programs without any success

- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System

-Ran RootkitRevealer from sysinternals and found the results listed below,
but can't find them in my registry to delete/modify

- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\ - dated 2/25/2007
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\tdssdata - dated 12/2/2008
- HKLM\SOFTWARE\TDDS - dated 12/5/2008
- HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys - dated 12/6/2008
- HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys - dated 12/6/2008
- HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys - dated 12/6/2008

-Ran CCleaner and cleaned everything found - ran every option and fixed
everything it suggested with success

-Ran AntiVir Removal Tool 3.0c but it didn't find anything

-Ran Windows Defender but it didn't find anything

I've tried all of the above items in normal mode, safe mode, and safe mode
with network support with no difference in results. I've also tried booting
to last known good state without any luck (boots to state I used this AM).
I'm a few years removed from my old sys admin days, but "back in the day" I
could create an av recovery disk to boot from to clean up the disk drive
without the OS running, but can't find a way to do that now when I don't have
a floppy drive. Also, my laptop has Vista and Trend doesn't have (that I can
find or the chat person knew of) a Vista version of sw to make a boot CD-ROM.

Any suggestions/help would be greatly, greatly, greatly appreciated!

Thanks,
Dave
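The two things Dave reports that a responder would want to check first are the silent failure of every security tool he launches and the Services key (TDSSserv.sys) that RootkitRevealer lists but regedit cannot show. The script below is an added example for that triage; it is not part of the thread or of any tool named in it. It assumes PowerShell 2.0 in an elevated session. The policy value names (DisallowRun, RestrictRun, NoRun, DisableTaskMgr, DisableRegistryTools, DisableCMD) are standard Windows policy values under the three keys Dave listed; the Image File Execution Options check covers a common cause of the "wait cursor, then nothing" symptom that the post does not mention; and the offline hive check assumes the infected disk has been attached to a clean machine as D: (a placeholder path). Everything is read-only.

```powershell
# Added example, not from the thread. Read-only triage for a machine that will
# not launch security tools and that RootkitRevealer says has a hidden
# Services key. Assumes PowerShell 2.0, elevated. D:\ below is a placeholder
# for the infected disk attached to a clean machine.

$PolicyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKCU:\Software\Policies\Microsoft\Windows\System'
)
# Standard policy values under those keys that stop a user running or opening things.
$RestrictiveValues = 'DisallowRun', 'RestrictRun', 'NoRun',
                     'DisableTaskMgr', 'DisableRegistryTools', 'DisableCMD'

function Get-RestrictivePolicy {
    foreach ($key in $PolicyKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $RestrictiveValues) {
            $p = $props.PSObject.Properties[$name]
            if ($p -and $p.Value -ne 0) {
                New-Object PSObject -Property @{ Key = $key; Value = $name; Data = $p.Value }
            }
        }
        # DisallowRun and RestrictRun also carry a subkey listing the affected EXEs.
        foreach ($sub in 'DisallowRun', 'RestrictRun') {
            $subKey = Join-Path $key $sub
            if (Test-Path $subKey) {
                (Get-ItemProperty -Path $subKey).PSObject.Properties |
                    Where-Object { $_.Name -notlike 'PS*' } |
                    ForEach-Object {
                        New-Object PSObject -Property @{ Key = $subKey; Value = $_.Name; Data = $_.Value }
                    }
            }
        }
    }
}

# A Debugger value under Image File Execution Options redirects every launch of
# the named image to another program, which looks exactly like "click, brief
# wait cursor, nothing". List all of them; the analyst decides which are legitimate.
function Get-IfeoDebugger {
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Get-ChildItem -Path $ifeo | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath).Debugger
        if ($dbg) { New-Object PSObject -Property @{ Image = $_.PSChildName; Debugger = $dbg } }
    }
}

# RootkitRevealer flags keys the running kernel hides from the Win32 API. To
# confirm them without that kernel, read the SYSTEM hive offline: load it from
# the attached disk, query each ControlSetNNN\Services\<name>, unload it.
function Test-OfflineService {
    param(
        [string]$SystemHive  = 'D:\WINDOWS\system32\config\system',  # placeholder
        [string]$ServiceName = 'TDSSserv.sys'
    )
    $mount = 'HKLM\OfflineSystem'
    & reg load $mount $SystemHive | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg load failed for $SystemHive" }
    try {
        # reg query on the mount root prints one full key path per subkey.
        $controlSets = & reg query $mount | ForEach-Object {
            if ($_ -match '\\(ControlSet\d{3})$') { $matches[1] }
        }
        foreach ($cs in $controlSets) {
            $key = "$mount\$cs\Services\$ServiceName"
            & reg query $key 2>$null | Out-Null
            New-Object PSObject -Property @{ ControlSet = $cs; Key = $key; Present = ($LASTEXITCODE -eq 0) }
        }
    } finally {
        & reg unload $mount | Out-Null
    }
}

Get-RestrictivePolicy | Format-Table -AutoSize
Get-IfeoDebugger      | Format-Table -AutoSize
# Run this one only on the clean machine with the infected disk attached:
# Test-OfflineService -SystemHive 'D:\WINDOWS\system32\config\system' -ServiceName 'TDSSserv.sys' | Format-Table -AutoSize
```

The first two functions run on the infected box itself and report anything that would explain why mbam-setup, HJTInstall and gmer die on launch. The third answers the RootkitRevealer question the post raises: if the key is present in the offline hive but invisible in regedit on the running system, that is the API-versus-hive discrepancy a kernel-mode rootkit produces, and it confirms that cleaning has to happen with the infected OS not running, which is the recovery-disk approach Dave was looking for.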
