First, know that I spent a good part of this day on the phone with Symantec support (India!) trying to fix this thing, and they've had me delete files in regedit, download HijackThis & Ad-Aware... tried all kinds of things. Worked mostly in Safe Mode with them. Finally ran into their closing time, and hung up with the promise that they'd call back tomorrow to dig back in. So you gotta give 'em an "e" for effort.
Second disclaimer is that I am currently working on my Mac Powerbook, as whatever has invaded my PC is denying access to Internet Explorer (among other things... description below). So my procedure thusfar has been to download fix software on the Mac & transfer to the PC via Compact Flash card. Obviously, e-mail is handled on the Mac right now as well. I have physically disabled my wi-fi connection on the PC for now.
So here is the best list or description of what all is messed up, and just in case it helps, a brief description of how it got that way. I've had some viruses in my time, but I've never seen anything like this:
I'm a professional photographer. 98% digital for 3 years now. BIG files. Camera captures at 16MG. Interested in learning more about Raw Capture, I was surfing some websites & Googling away 3 days ago, and one click rendered a sudden burst of about ten really disgusting, "adult" pages with "Raw" in their titles that popped up almost simultaneously. I started closing them out immediately, and saw that several Norton alerts had popped up as well. In hindsight, I should have written down each of the files, but I've never seen Norton fail, so the message "Norton Antivirus was unable to delete this file" didn't register with me until it was too late. The following problems occured immediately:
*Double-clicking on desktop icons with left mouse button only highlights icon; does NOT open it. I can open most things on the desktop via right-click/"open." It's like the shell or desktop is a fake or something.
*Start Menu contains no Search, Run, My Computer or Help buttons, and "All Programs" button has no affect (no program list appears).
*Ugly effect when attempting to open Internet Explorer: before Symantec's changes, open command produced a blank (all-white with blue title bar) window, NO address bar in it, and after a few seconds the "program is not responding" message appeared. Had to close in Task Manager. After Symantec, open command produces a small, quick-flash "download" window that appears for maybe half a second, then closes. That's it. (Yes, my homepage had been changed to the dreaded "About Blank"). Symantec had me ping Google's home page through a DOS prompt, and we were gettin' out there. Hmmm...
*Outlook Express opens, and I can see messages, but if I try to open and read one I get a message that says "error: one or more parts of this message is missing." Closing that message window, I get another that says there is not enough memory to open this message. (BTW, I have 1G RAM installed.) No other signs of a fake memory crisis, and perfomance tab in TaskMgr looks normal.
*Norton Antivirus and SpyWare Nuker are disabled. I can get the Norton screen, but all the buttons and choices are inactive, and within a few seconds it stops responding. SWN does the quickie "download" like Internet Explorer.
I ran out and bought a new external drive when this happened, and have copied all my data to it. So I guess I could just rip the thing down to nothing and start over. But I have lots of pro-level photo software that would have to be re-installed (much of it downloaded), and the whole system ran like a top until the attack. So I'd like to give it some more effort before throwing in the towel.
Sorry for the non-tech description, but I figured it might help if I described the symptoms. Again, any help would be appreciated. I will have a fresh download of HijackThis in a new, dedicated folder should anyone want to see a scan log. Oh... should mention that the first time I ran Ad-Aware, there were about 75 recognized files. Now a scan in AA is clean (0 files).
Thanks, R. Russell
Hep me! Hep me!