
This showed up on the family XP box today, with all MS security updates applied, along with free versions of ZoneAlarm and AVG running. If you need a culprit, it might be the young neighbor who installed some video-burning software, but I'm looking past that. Right now I've got a system where google searches are hijacked, IE is launched every few minutes, I can't launch regedit without restarting in safe mode, and in short the machine seems greatly compromised.

When I did launch in safe mode none of the expected entries showed up in the registry, nor in the main user's My Documents\New Folder folder. Before the reboot there were two separate setup.exe processes running -- that's going to be a treat to track down.

I'm considering backing up all the photos, kids work, email, etc and doing a full reinstall. Anyone have an alternative?

Eric

2 Answers


A full reinstall is the safest option - it's the only way you can be 100% sure the system will be clean.

But, if you're trying to avoid that, the most effective way to clean a system is to boot up a Live CD/USB, so the malware will not have the chance to run, and perform all the cleaning tasks from there. In which case I recommend this question as it provides some good options for Live CDs for that purpose.

Also, you might find this question to be useful as it discusses where the infection may have come from.

DMA57361

BleepingComputer lists various ways of cleaning up malware infections, usually consisting of preventing services from starting with HijackThis and continuing with MalwareBytes and possibly some more powerful tools. However, removing malware by using a LiveCD environment is more likely to succeed, and the only surefire way of completely removing it is with a wipe and reload.

MBraedley