
Topic: Requesting help dealing with New Win32 virus that persists after image restored


lightyear

    Topic Starter


    Greenhorn

    Hi, everyone. In my 10 years or so of using Windows, I have come across a virus just a handful of times, but none have been as difficult or boggling to address than the "New Win32" virus (per McAfee VirusScan Enterprise 8.5.0i) that I picked up last night.

    Yes, I was logged on with admin rights - yes, I know that was bad bad bad. I needed to burn some images and I realized some time ago I couldn't do so using Nero as a limited user, so I changed my account type to do so and, unluckily, caught this virus.

    I was browsing with Firefox when all of a sudden I saw a pop-up in my systray warning me that my anti-virus software was turned off. I found that strange since it's always running. I reactivated it right away but noticed FF crashed and when I re-started it my homepage had been changed. I knew something was up so I rebooted and that's when I noticed I had strange shortcuts on the desktop. I rebooted again in safe mode and ran a scan, with the results that 100 items were detected. Upon scanning the list I noticed that many of them were normal program file .exe's that had been deleted after detection as "New Win32" virus. After that cleanup I rebooted and tried running some of those programs - none of which would run because the .exe files had been deleted.

    I have been using Ghost 2003 as a safety tool for years. I used a boot disc to run a restore to the last image I made on June 30th of this year - so just a month ago. That image was clean, as was my computer for all the time up to last night. This is where things get strange... after restoration and reboot, the virus is still there! They are still program file exe's that are on the C drive.

    I have a partitioned hard drive with the operating system on C and my various other files on the remaining drives (3 others, for 4 total drives, including C). I had long ago re-mapped my My Documents folder and some other folders to one of the other partitions. Fearing that some remnant of the virus could be on one of the other drives, I scanned every file on every drive and found nothing, then restored the image again. Still, the virus persists and my exe's begin being deleted almost immediately upon reboot.

    On the last restoration, I rebooted directly into safe mode with networking. I updated Ad-Aware and Spybot in safe mode, then ran scans. Nothing was found. I could not update McAfee in safe mode. I then rebooted in normal mode to find the problem was still present.

    This is very strange to me that restoring my computer to an image from a month ago when it was fine (using Ghost, not system restore) still ends up with me having the virus. Again, I scanned all the files on every other partition. Does anyone have any ideas?

    Mulreay

    • Guest
    Download this and scan
    HijackThis

    Save results and post here
    Virus and spyware (http://www.computerhope.com/forum/index.php/board,7.0.html)

    Do not post results here