Help with this nasty little Bug ger...

Howdy,

Hope someone can advise. Here's the novel about my trials with this little bugger. I've read the "read and run me" sticky but have done the below prior to coming to this site. Hopefully I've already done the basics req'd. If you want me to start from scratch from the "read and run" sticky I can. Maybe have a read though plz first.

Initial
Appears as though my daughter got a little bugger on my box that's causing me some major grief......... won't let AVAST update or download newer version, turns off the automatic updating from Windows Security and probably a couple other things that I havn't found out yet. The problem is I logged onto windows in safe mode with networking, downloaded updates for AVAST and Spybot Seach and destroy. Proceeded to run SS&D with several trojans found. Nuked all those, immunized with the new database. Then ran Avast and it found a couple others. Set a boot time scan and it found some more stuff and Avast deleted them all, but I think the little bugger is re-installing itself with all this crap since when I log on as it seems to be back just as before.

TRy #1

Started up in safe mode with networking and a pop up showed itself saying I had infections and go here and download blah, blah, blah to clean...........strange as I've never seen malware pop up from safe mode.........I turned off system restore and downloaded the executable Malwarebytes setup file from a different box and installed. Even though I had an internet connection and windows firewall configured for MWB to access it wouldn't let me download the updates........strange........but I'm running MWB now with the initial install rules only. I've downloaded the newest rules from a different box. At present it's looking as though there's 60 infected objects and counting. Whether it gets them all without the update I don't know, but I'll run again once I install the new rules........ Any angles on the apparent malware running in safe mode would be appreciated.

Try #2

Initial MWB run found 80 infected objects, looked at the quarantined items, made sure they ware all checked and clicked remove. Massage came up that Regedit had been disabled and will affect quarantining pricess, but also indicated that MWB anti-malware will now enable regedit. I rebooted as requested as there were some that would be nuked on the restart. Restarted normally, then shutdown and restarted in safe mode once again. At this point MWB was able to get out and download the updates.......After the second run it found an additional 10 items........Restarted normally and it appears as though the same BS is happening again. Windows firewall disabled, automatic updates disabled, AVAST wouldn't start up like it normally does, couldn't update AVAST........So restarted again in safe mode, uninstalled Avast, downloaded and reinstalled new version of Avast, updated detection files, and now running a scan and then I'll run MWB again........

Try #3

After updates MWB found 3 more files in safe mode, just finishing an AVAST boot time scan and will update once it's complete. I have a feeling the reinstallation will continue to occur.....


Thanks for your help in advance,

Cheers,
Max

 

Thanks for the response,

After try #3, I started in safe mode once again, uninstalled Avast, reinstalled and updated Avast, ran scan, quuarantined any infections, ran MWB once again, deleted all findings, set a boot time scan for Avast, ran that and voila, everything seems normal, no more disabling updates of antivirus app, disabling widows updates and firewalls etc. Not sure what got it, but everything seems to be ok.......strange since I had spywareblaster running and an updated avast program.........I believe the daughter downloaded it inadvertantly thinking she needed it to listen to music watch a video etc.

Cheers,
Max