I've been working on my roomie's computer because he's been getting popups etc. I've been able to get most things taken care of whenever I have had spyware/malware problems, but this one is getting to me.
The Details:
I ran through HJT and killed some things which may have had small problems, but after I cleaned them out I rebooted, everything seemed great, then I saved a HJT log from a clean reboot (pretty clean), opened IE and saved a new HJT log which had two new processes in it (msiexec.exe and wuauclt.exe, both in C:\Windows\system32).
After proceeding to research these files, both of them are allegedly legitimate files (Windows Installer and Windows Update), but I believe they may be fakes because the Windows Installer should not have been running, and Windows updates are completely disabled.
I then decided to try to delete them (with backups) to see if it would kill them; nope, they were regenerated within 10 seconds of moving/deleting. Other research shows that some parts of Windows may be re-created from the dllcache when someone deletes the files, explaining the behavior here, but I was thinking it may be another part of the malware regenerating the files. I did notice that after restarting again, when I opened IE it gave me an error message telling me IE had encountered a serious error and must be closed down, although *my* window didn't get closed. I suspect it was the popup dying.
Conclusion:
I still have some sort of popup-generating spyware/malware on this system, with some files I believe should not exist, and it won't go away. I would appreciate some guidance and/or review of my HJT logs. I will post them here if requested, just specify if it's a log of when Windows starts up, when IE starts up, or both.
Thanks a ton,
~ Rendezvous