Newbie and total non-techie here. (This will be strictly "for dummies".) For the last couple of weeks every 2-3 days I can't get on the internet due to a "buffer overload". McAfee scans do nothing about it. Neither does Adaware or Winferno Power Registry Cleaner. Spybot picks up a trojan called Win32.KillAV-KQ and displays six items, five of which it is able to remove:
HKEY_CLASSES_ROOT\CLSID\{AFD4AD01-5BC1-47DB-A404-FBE00A6C5486}
HKEY_LOCAL-MACHINE\SOFTWARE\Classes\main.BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\main.BHO.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}
HKEY_CLASSES_ROOT\TyleLib\{BE3C68CD-F500-BCB9-132BB3BC3573}
But it couldn't remove:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFD4AD01-58C1-470DB-A404-FBE00A6C5486}
It asked me to restart my computer so Spybot could remove that entry. I have done so and another scan showed no problems. The problem is that running two Spybot scans takes a long time and I can't use the internet until this is done. The other problem is that it comes back a couple of days later.
I checked the post explaining how to remove Win32.KillAV-KQ manually and it lists the above registry keys, with one difference. One of the six keys is:
HKEY_CLASSES_ROOT\AppID\{A0E1054B-01EE-4D57-A059-4D99F339709F}
That is listed instead of the key the scan couldn't remove.
Can someone explain (1) Why this keeps coming back and what can be done to stop it; (2) Why Spybot needs a restart to remove that one key; (3) Why the manual procedure, (which I have not tried), lists a different key in it's place?
Thanks for any help you can give me. (Note: I read the post by CrazyMums and the responses but his situation appears to be different as he said that Spybot couldn't remove any of the 6 keys- on my computer it can remove 5 of the 6. I have Windows XP, by the way.)