The other day I had some networking problems, services such as the Network List Service were failing to start etc. Then after I ran some commands to fix this, Windows Firewall was disabled and couldn't started.
I ran ComboFix (I admit, I have only now just seen the warning to only run it after being given expert advice) and it deleted one file (but also did some stuff in the registry I think, relating to TCPIP). After this, Windows Firewall works again.
That file was iun6002.exe. At the time I didn't think anything of (after all, my network connection was back!) it but I decided to do some further digging today because these two strange events has occurred:
1. Two programs that were ' Click Once Application Manifests
' (You know, download a 800Kb file and it'll download the rest later on and store it in AppData) had been un-installed / all that was left was the standard application manifest icon. These were 'Wunderlist 2' and 'rdio'. I have since re-installed them.
2. My installation of Office 2013 Consumer Preview was completely gone. The icons are un-clickable and almost everything in the Office 15 folder was been deleted.
So I read up about iun6002.exe and how malware disguises itself as this .exe especially in the location of C:\Windows and that's where mine was found. I read that it's a pretty nasty spyware tool. Not content with it sitting in ComboFix's quarantine folder with .vir added to the end of it, I ran these scanners:
Windows Defender Spyware Removal (The Windows 7 out-of-the-box one) [CLEAN]
Rogue Killer [No suspicious processes, but some registry suspicions, 2 Wunderlist related, 1 Asus-Xonar audio driver
related and two Microsoft looking ones]
Sophos Virus Removal Tool (IN PROGRESS) [Say's it's found 2 threats so far, hmm]
So my question to you after this hopefully understandable explanation is: Am I free from the iun6002.exe spyware? Or is it still on my PC, doing bad things? Any way to check for this? The proccess is definitely not running.