Yes, I ran the Windows defender offline from a bootable CD. Yeah, I'm also not going to be doing much with this computer until I can hopefully get this problem solved and I'm trying not to use the internet, and if I do, it'll be from my cellphone on a portable hotspot with WPA2 protection. I have also disconnected pretty much everything from my computer, including my 2 TB external hard drive, webcam, printer, etc.
Okay, I also noticed that the user accounts now come back after awhile in Windows from when I delete them, with a new name but the same picture. Any thoughts?
Lol, grab a live distro like ubuntu or mint and backup your files, then wipe the disk clean, I wouldnt trust that system even when 10 applications say its clean.
Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3
- Disable any script blocking protection
- Double click the dds icon to run the tool.
- When done, DDS will open two (2) logs:
- DDS.txt
- Attach.txt <--- will be minimized in the task tray
- Save both reports to your desktop.
Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.
I uninstalled my ESET computer anti-virus. I was trying out the Eset Release Candidate 6 and I enabled anti-theft protection. I think Eset might have a bug in that release though. The reason I think so is because when anti-theft is enabled, the computer would keep creating a false user account when restarted for an attacker to access instead of seeing the real user's account and this was supposed to protect the original user's files and settings from the attacker. The computer might have messed up and thought I was the attacker, or else something else is playing with those settings and messing it up. Since I last posted, several threats were removed with superspyware software and MSE caught a "severe" java virus and qurantined it. Thanks for all the help so far.
Un-install all old java, you can also use Javara JavaRa | SingularLabs
Next, download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3
Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
- Double click combofix.exe and follow the prompts.
- When finished, it will produce a log for you.
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply
After rebooting ensure your Security applications have been re-enabled.
In your next reply post:
ComboFix.txt
***A guide and tutorial on "How to use Combofix" can be found here:
ComboFix: A guide and tutorial on using ComboFix
IF CF won't run:
During the download, rename Combofix.exe to sVchost.exe
That's some dangerous advice. I tried it and then none of my internet browsers worked (Chrome, Firefox, Internet Explorer) and some files I had were deleted as well. Are you sure combofix.exe is a safe program because it sure didn't seem to detect any viruses, just set a lot of registry values for deletion and delete a lot of files! Thankfully, I did a Windows system restore after combofix ran to minimize the damage and then still had the combofix log file. Thanks for the help but I hope that there is a better way to find malware on my computer!
Jacee is a trained malware removal specialist, and has received Microsoft MVP status for her work in this area, and she wouldn't recommend Combofix lightly.
I have no idea what the system restore would have achieved - possibly its simply restored the malware back to your computer.
You are better waiting for her advice. If you don't want to do that, then I recommend a clean install of Windows using the diskpart clean all to wipe the disk prior to installation.
Good luck,
Golden
Quote