I believe my client has the Conficker/Downadup virus. I have tried everything to remove it. His Windows updates weren't working for a very long time so he never received the patch to fix the vulnerability. It appears to be causing problems at the DNS level. Whenever I try to go to an anti-virus vendor's web site or Microsoft site it either doesn't display the page or redirects the browser to an advertisement.
Here is what I have done and the results:
+Turned off System Restore
+Ran tool to clean all temp files
+Ran ComboFix in Safe Mode - removed some things - still infected
+Ran HijackThis in Safe Mode - removed some things - still infected
+Ran Malwarebytes in SM - removed some things - still infected
+Ran Spybot in SM - removed some things - still infected
+Pulled the hard drive and scanned it from another computer using Cureit - removed some things - still infected
+Re-installed the hard drive and ran Cureit in Safe Mode - removed some things - still infected
+Ran AVG in Safe Mode - removed some things - still infected
+Installed XP SP3
+Ran Avenger ( http://swandog46.geekstogo.com/ ) - Nothing found
+Found this web site: http://www.joestewart.org/cfeyechart.html and identified the virus as Conficker B based on the result
+Downloaded and ran the F-Secure Downadup removal tool ( http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml ) in normal mode - Found no infection
+Followed the suggestions for removal from Microsoft ( http://support.microsoft.com/kb/962007 )
+Ran the Microsoft Malicious Software Removal Tool (both a quick scan and full scan) in normal mode - Found no infection
+Followed the steps from the above Microsoft page for manual removal. Got to step 8/9/10 and could not find any service there with any random characters or anything that looked out of place.
+Ran the Norton downadup removal tool ( http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99 ) in normal mode - no infection found.
That is where I am at now. I can't find any anti-virus tool that will find this virus and remove it. Anyone have any ideas????