Anyone ever heard of suurch.a? Help me get rid of this and other problems.

HELP! I'm new here. I'm a home small business user in the Milwaukee area. I run Windows XP and CA Anti-Virus and CA Spyware remover. My CA anti-virus is telling me in my realtime scanner REPEATEDLY that it is detecting Win32/suurch.a in my "documentsandsettings\owner~1\localsettings\temp files. It gives a random number each time. It tells me the temp file is infected and then, it deletes it. Then, it happens again. I have repeatedly deleted my temp files. I am running Firefox as my browser, but IE7 is on the computer. I can't figure out how to get rid of it, nor am I sure I want to, but somewhere in the last month, IE7 quit showing pictures and after pulling my hair out, I downloaded and now use Firefox. Anyone have any problems like this?

I also downloaded Ad-Aware yesterday in the hopes it would pick up something that my CA does not. It's still happening - getting infected real time suurch.a messages.

Also, about a month ago, my husband went to an innocent looking website, researching some information on a sugar substitute, and the computer got the Fake.AV trojan from it. That trojan is gone now, but so are two of my Control Panel categories: accessories and Folder Options! The latter makes me pull out the remainder of my hair that was left over from wrestling with suurch.a. HOW do I restore those? I cannot see hidden folders at the moment, and that may be why I can't get rid of the suurch.a.

Any thoughts, oh wise ones?

Robyn

 

How Can I do the Malware Read and Remove process if Folder Options is Missing?

Thanks, Chaslang for the protocol for getting rid of my suurch.a, which is a VIRUS. However, as I read through it, my heart sank because I cannot tell my computer to show hidden files. That's part of the PROBLEM. The "folder options" and "accessories" categories are missing from my Control Panel! So how do I proceed with your malware removal protocol? I'm running XP Home Edition. Thanks, Robyn

 

Hi Chaslang. OK - I ran the whole Read and Run procedure. I could not tell my computer to show hidden files because my Folder Options was missing from my Control Panel. It is now back. YEAH!!! However, my Accessibility Options icon is still missing. Should I worry about that?

I'm attaching two of the logs the protocol asked for: the SASlog and the Malwarebytes Anti-Malware Log to this reply. The other two will come next.

By the way - when I ran Combo Fix, since I did not have an XP disc that came with this computer, I downloaded the document at support.microsoft.com/kb/310994, and I dragged it into the Combo Fix icon, as instructed. When I launched the program, it began to run, and right off the bat, told me that ComboFix had an updated version available, so I updated it. Then, after it began to run, I got a message saying "Windows Recovery Console is already on this machine". It aborted the procedure. I started over. It ran OK after that.

Finally, when I ran MGtools, after it was done, I got the following message:
"Application has generated an exception that could not be handled. Process id=0x398(936), Thread id=0xaa8(2728). It said I could press OK to stop the application, or "cancel" to debug. I chose to debug. I then immediately got this message: "Registered JIT debugger is not available. An attempt to launch a JIT debugger with the following command resulted in an error code of 0x2(2). Please check the computer settings. cordbg.exe !a0x3a8".

So, whatever all THAT means. I just 'x'ed out of the message, and the final screen came up. "Scanning Complete". I did not see a sample error message that compared to mine, so I did the best I could, being the "ungeek" I am.

So, I'm attaching two files here, and I am NOT getting suurch.a notifications anymore. The only thing that seems to be missing is my Accessibility Options in the Control Panel. THANKS for ALL your help!

Gratefully,
Robyn

 

Hi Chaslang - Here are the remaining two log files from ComboFix and MGtools. Let me know if you see something else I need to address.

Thanks!
Robyn