I have a Dell Celeron 1.7 PC w/ 512MB, 40GB HDD, running XP SP2. The PC is in pretty bad shape. I usually use the standalone scanner from Kaspersky (available in devbuilds) and Super Antispyware to clean up pretty much every infection on a PC. Not working this time.
Kaspersky flagged a bunch of Hidden.Object.xxxx items that it couldn't delete, heal, or quarantine. So I downloaded Rootkit Revealer, Blacklight, RootKitty, PAR, & SAR. Rootkit Revealer showed 20+ items. Blacklight found 5 but didn't fix them. Haven't run RootKitty or PAR yet and SAR found 37 items, 1/2 couldn't be deleted or fixed, the other half it recommended not to fix.
So... I'm out of ideas. In the meantime I have used CCleaner to clean all users' accounts, prefetch, etc. Turned off system restore and hibernation (to eliminate their stores), added Ad-Aware 2008, Counterspy V2 (which won't update) and a couple of other things.
Super AS needed manual updating, it was blocked. Ad-Aware needed manual updating, it was blocked. Counterspy can't be manually updated as far as I can tell because it, too, is blocked. Hijack This won't even run.
I've never seen anything so vicious. These are my best tools. For the record the spyware programs are addressing a search engine hijack, and rooted out a mess of other spyware and trojans. I suspect the rootkits are allowing the trojans in and the search engine hijack isn't the result of spyware.
There's too much on this PC to reformat so what I'm wondering is 1: Any other ideas? and 2: Will an XP repair installation overwrite the hooked files in the install directory and the registry?
I have done a lot of work in Safe Mode and still others in Windows after using Code Stuff Starter to disable almost everything from starting with the PC (aside from essential Windows files). I'm seeing progress but not what I expected (especially given that those files and keys identified as rootkits are still in place).
Thanks for any light you can shed.
Po