Hello, this is my first time posting on CH, though I've been looking through the forums for the last few days to see if my issue had been posted before. I couldn't find anything, but please forgive me if this is a repeat. Also, I think this might be an issue with a driver, but I'm not 100% positive, so that is why I posted this in the Windows XP forum.
I tried asking this on Yahoo! Answers first (the forum intimidated me a bit) but all I got was a guy telling me to completely reinstall Windows, and surely there must be something else I can do because that is quite extreme. It also sounded like he didn't really read all of the information that I put, but I'm confident somebody here will take the time to read everything. /ramble
Okay, first some info about my computer. I'll post all that I know:
Acer Aspire 5000
Windows XP
Avast! free antivirus
Service pack 3
I use Mozilla Firefox
No firewall besides Windows (will download ASAP once I have internet!!)
Do not know how much RAM I have.
If there's anything that I need to post please let me know and I will try to figure it out!
Late at night on December 20, I was browsing on DeviantART when all of a sudden the Avast said it put two files in the sandbox, then a virus was detected, then Windows said my firewall was turned off. This all happened in a few seconds. So I ran a boot scan but as the computer was shutting down an end program window opened and mentioned Windows Antivirus 2012 or something like that, which I know must have been the virus. I fell asleep during the scan, but when I woke up the next morning there were two new items in my virus chest:
Name: folder\Ump_45.class
Original location: C:\Documents and Settings\Admin\Application Data\S...
Virus: NSIS:Zugo [Adw]
Name: netbt.sys
Original location: C:\WINDOWS\system32\drivers
Virus: Win32:Alureon-AOW [Rtk]
The second one immediately worried me much more than the first. I ran a second boot scan but Avast! found nothing. The Antivirus 2012 or whatever it was called hasn't shown its face at all after the first scan, which I think is a good sign. In fact, everything is normal except I cannot connect to the internet.
I have gone into my wireless network settings and made sure that "Obtain an IP address automatically" and "Obtain DNS server address automatically" were checked under Internet Protocol Properties, which they were, so that made no difference.
I used System Restore to return my computer back to Dec 17 to see if maybe that could undo any damage, but nothing really changed.
So then I downloaded Microsoft Windows Malicious Software Removal on the MacBook that I am using now (it is a school computer, loaned to me for the year) and transferred it to my Acer by burning it on a CD because it turns out my mom stole all my flash drives for work. I figured maybe Avast! didn't catch everything, but MWMSR didn't find anything either.
So on Dec 25 (I'd been doing something different every day, as I was busy with Christmas preparations) I ran Windows Error Checking on the C: drive to see if it could fix any corrupted folders or drives or anything, but it didn't say anything and nothing changed.
I didn't go through the Malware removal steps, because I'm fairly certain that the virus has stopped spreading, and also because I don't have a flash drive (and no money to buy a new one) I would have to download A LOT of stuff onto the school MacBook and then transfer it using blank CDs ($$$!).
Like I said, I think this might be an issue with a driver, maybe the rootkit damaged something before it was put into the virus chest. If anyone has any helpful insight or needs more information I would be glad to do what I can. Like I said, trying to avoid downloading a lot of things as it's a difficult thing for me, but I understand if I don't have much choice. Thank you for your time!
Rachel