Hey everyone.

My dad has a PC at his office and it was recently having problems. The most noticeable thing was that we couldn't access any internet browsers, like Firefox, IE, and even Google Chrome. It gave a little popup message saying "Error Writeprocessmemory" and that was it. I figured it must be malware and ran some diagnostic tools. My dad has BitDefender Internet Security installed and I ran that. BitDefender found several trojans categorized as "gen.rootkit.nixoa.1". I downloaded (on another computer) and ran MalwareBytes and it found one more called "vundo.h". The programs quarantined them and I deleted them myself, restarted, and ran the programs again. Nothing new showed up and I hoped that that might have been it.

But the browsers still wouldn't open, giving the same error message. I rebooted in safe mode and the browsers worked fine, so I went into MSConfig and turned off stuff in the Startup menu until I could narrow down which process was causing the problem. It turned out to be "uw2000.exe". When I killed that process, browsers worked fine. But uw2000.exe is a program that my dad uses all the time. It's called Asian Suite and he uses that to write Chinese characters on the PC. He's been using it for years and it was never a problem. I uninstalled the program and reinstalled it from the original installation disc, but the same problem occured. Whenever Asian Suite was on, browsers couldn't open.

Furthermore, BitDefender keeps popping up with these little notification windows that various programs are trying to connect to the internet. The program names are always random strings of letters, like "vdsklec" or something to that effect. I'm guessing there's still something hidden in the PC, but I don't know how to find it. BitDefender scans turn up nothing, neither does MalwareBytes, Super Anti-Spyware, nor the various rootkit scanning software I installed.

My last resort would be to reformat the PC, but he has a lot of programs and drivers and files that he uses for work. I'd rather not have to back these up/reinstall if I can help it, and I also hear that some viruses (like vundo) are clever enough to hide themselves even from a reformat, so that's why I am asking this forum for help. I'm not at the PC right now since it's at his office, so I can't provide you with any logs from Hijack This or whatnot. But the first chance I'll get, I'll head over there and give you anything you need to know. For now, I hope someone can provide me with any kind of help I can get, or let me know what they need to help me. Thanks very much in advance, I really appreciate it because this malware is really ticking me off.