Okay, I work for a small company, around 30 full timers, 30 temps. We don't have a dedicated IT department, so myself and the accountant take care of it. I don't consider myself an IT professional, just an average power user I guess. We are on a 2000 network, mix of 2000 and XP workstations.
Anyway, we have got one XP Pro machine (system restore disabled) that has picked up a browser hijack and adware program that I just can't shake. It allows MSN to be opened but no other website will come up if typed into the address bar - but you can type in addresses in the MSN search bar, then click the provided links to get around.
The ads popping up are usually for spyware blockers, antivirus and shit like that. Yeah, great idea.. give money to the monkeyfuckers that messed up your machine in the first place.
It also pops up a search window any time you type something in MSN search.. as if it tries to answer your request, but nothing is relevant to your search. It also puts porn links and other random garbage links into your favorites listing.
We use server based Trend Micro OfficeScan anti-virus, which works pretty well and updates on the fly regularly. The anti-virus notices right away when you open IE that there is a virus or adware program attached, but it says that it cannot clean or quarantine the file - and to read about how to remove it on the Trend website. Well, the website says just to be updated and delete all the infected files that a full system scan finds (DUH!). Problem is that when doing a full system scan, Trend finds nothing! Then as soon as you open the browser, it pops up again. The file names infected had changed a few times but were always located in the system32 directory and were dll files. I went in and specifically looked for the files it listed as infected and they were not visible! All settings for view all files, do not hide system files etc. are set to show everything.
I read about the prog online and apparently there are many versions. The one I have did not have any of the registry entries or files that were noted online on any of the boards I read on how to manually remove it.
I have run an up-to-date version of Ad-aware, Spybot SD and HijackThis... all of them found things that they didn't like.. many things linked to browser hijacks.. All the progs said that they removed all bad files.. none of them really did a damn thing though. The shit is still there. I did go through and clean out all the temp files and all the temp internet files..
I called Trend Micro for support and as far as they got me was to boot in safe mode and install a 2.5mb standalone virus scan utility off their website.. The lady told me, okay - so I expect you call back when scanning finished. I said okay.. let it scan and tried to call back after it found nothing at all, but whadda know.. they closed about 40 minutes ago. Thanks a bunch Trend!
By now, after going through multiple scans for spyware and the like, and deleting lots of the junk - the machine has become unstable. Anytime you try to open Windows Explorer, Control Panel or just about anything, stupid mf'in drwtsn32 crashes and nothing opens. You can still get around in safe mode, but regular mode is as good as useless. And the fucking browser pop-ups are still going strong while Dr. Watson crashes everything else.
Sheesh, I think I did everything - but I couldn't win. I feel kinda bad, since I stayed a little over 4 hours late working on this thing trying to get it fixed so Monday morning will be smooth, and got nowhere. I like taking the OT, but I really wish I could have resolved the problem. Like I am getting paid for doing nothing. But I have tried all that I can think of.
Trend calls it HTML_winshow.AK but I believe that the one I have might be a different variant. Or newer, pumped up version. The bastard just WILL NOT GO AWAY!
What do I have to do aside from formatting the machine? Monday is gonna suck guys, I feel the shit attitudes coming already.