I read what I should do before I post - no logs included yet because I'm stuck.
I can't install Spybot. I actually had it on the infected machine and when I was hit with this it was disabled. I have tried a reinstall; however, the machine wants to connect to the net in order to do the installation. Is there a version I can download and try to install without needing net access?
I currently have that machine off the net. I can try to go online and run the Kaspersky online scan - before doing that I wanted to check if there is a safe way to do that. I did try the Trend Micro site last night when this started AND it disabled that install as well. The message was not a WIN32APP.
I've seen the following behavior so far since being attacked:
1. Removes the ability to see hidden files from the registry. I've overcome this by copying the HIDDEN registry entry from another machine. I have to run this each time I reboot if I want to see that option available on the list - View Files under Folder settings.
2. Disabled all spyware tools & Virus protection.
Programs Disabled:
CA Anti-Virus (totally up to date & I ran it on the file before I clicked on the .exe; it came up clean)
Spy-bot,
Spy-doctor.
Zone Alarm was completely disabled - vsmon.exe was replaced.
I can't install anything that is in this category. Somehow Ad-Aware (old version) survived; however, definitions are out of date.
3. Infected USB key with two files, Autorun.inf AND nideiect.com - my CA virus is catching the Autorun.inf each time I insert it in my other (working) laptop.
4. CPU usage is running high.
5. Autorun.inf file was identified by CA as virus INF/Rolepi - there is no additional information from them.
6. I appear to be unable to start in Safe mode - it keeps looping back. I can start normally.
7. Restoring to a previous day with Windows Restore was not effective. Said no can do - no files were changed.
Looking forward to getting this off my machine. Let me know what to do next.
Thanks in advance for your assistance.
Suze