Hello everyone,
I'm new to the boards but that obviously means I have a problem also. I just want to thank you all in advance for your help as I've noticed these boards are quite resourceful and quite a few gurus seem to frequent it.
The risk is the Trojan.fakeAV
I've been having some trouble getting rid of this lil bugger. I'm using NAV 2010, and though it seems to be blocking this trojan every few minutes or so, there is nothing to be found in the scans. I have what seem to be the described symptoms, including: redirects, Internet Explorer popping up when I access links outside Firefox though my default is set to Firefox, and I cannot shut down iexplorer.exe in Task Manager without it immediately popping back up. I also have no administrator access to my msconfig startup settings, though it is the only account on this box. It simply says that Access is denied. However, I don't have anything starting up that I don't recognize.
The files seem to be appearing in my C:/windows/temp directory, and when I do check that directory I have the following files inside:
hlktmp, ib6.tmp, ib7.tmp, ib8.tmp, ib9.tmp, ibA.tmp, Perflib_perfdata_384 and Perflib_perfdata_444.
All these files seem to be in use, hence not deletable.
I have run a NAV full scan and ComboFix with no results currently. I have tried manual removal, having checked all the corresponding registry entries, and they seem to all have the default values as they should, including the absence of winav or printer.exe both in the registry and My Computer. Yes, I have made sure that my System Restore is off. I've run multiple searches for key files known to be the cause of infection but have not found them either.
I am currently running a Malwarebytes Anti-Malware full scan in hopes this may at least point me in some direction, but unfortunately, as it is 5:17AM and I've been doing nothing but this since I got off work, I will not be conscious for its log file to upload with this post. I will however post the log when I wake up, unless someone might have something for me to work from before I get that chance. Once again, thank you for your help.