I am having a really difficult time battling a malware infection on my Windows XP machine that has disabled many anti-virus programs and my Windows security updates. I'd like to try and remove the virus to save software that I cannot replace.
I received an alert from Symantec that it found a threat called 'suspicious.vundo.2', and that quarantine, clean, and delete all failed. Soon after, I began seeing somewhat fake-looking Windows security alerts, warning that my computer was infected and asking me to click to download an anti-virus software program.
I rebooted my computer in safe mode and ran a Symantec scan, hoping that it would be able to find and remove the virus in safe mode. But it showed a clean scan, and attempts to delete the offending files via the log gave errors saying they were no longer there. But the virus persisted. I tried downloading a few other anti-virus programs (Spybot Search and Destroy, Malwarebytes, and Spyware Doctor), but the virus blocked the installation executables from running. Malwarebytes did successfully install, but the program hung after trying to launch (the exe shows up in Task Manager, but the program never actually starts up). I tried renaming the executable files of the different programs, but this did not help.
I then tried doing a system restore, but the restore interface would hang and not go through with the restore. I next decided to try doing a repair install of the Windows operating system. After the re-install, however, the virus was still there. In retrospect, the repair install may not have been the best idea since the virus had clearly integrated itself into the operating system pretty well.
With the virus blocking Windows Update, I now have a very vulnerable OS (Windows XP without any service pack or security updates)! I am only booting in safe mode (with networking) to avoid some potentially nasty problems.
I have had some minor success after running an online scan through TrendMicro's HouseCall. It found and fixed a few things, and afterward I was able to run Malwarebytes. This found a few more issues, which I fixed. But I still cannot launch Windows Update or other anti-virus software. So there is still some lingering infection.
I've attached a log from HijackThis and an online BitDefender scan (which does find an infected DLL, which I have tried to remove manually with no success).
And here is a list of anti-virus software I have tried and cannot run:
Spybot Search and Destroy