Trojan.VirtuMonde undetected by NIS2008

Didn't know that shortcut.

Learn something new every day!

Door swings both ways ....

That it's final is why Windows asks do you really truly finally want to get rid of that file!

Thanks for the continued suggestions.

Last night's attempt to clear the problem was a good step forward. At the end of a very long scan I had 1531 instances of the AntiVirus infection, all of which were cleaned successfully. When my PC restarted I also had a taskbar that behaved itself. At that point the Windows started up as an icon in the taskbar showing itself as a green shield with a message that Windows needed to restart as it had updates.

This was very suspicious as I hadn't been connected to the internet (unplugged my network cable) for the past day and had restarted several times during that period. I passed my mouse over the icon and a brown coloured icon for the updater appeared, the green icon vanished and the taskbar started its usual vanishing act a few seconds later.

This together with all the new viruses and trojans I keep finding made me think the Windows downloader is infected. I have been into the Windows Security centre to try to disable it but the dialog box is empty, displaying only a message that the service hasn't started. This is the same no matter how many times I restart the PC. I have now blocked RUNDLL32 in the firewall just in case.

Any ideas?

I have yet to try the other remote scans of my PC but will try later tonight.

Many thanks

Perhaps I have missed it, but have you turned off System Restore to delete what seem to be infected restore points?

And have you tried the various scanners, Malwarebytes, SAS and NIS2008 in SAFE MODE?

IMHO these are both critical steps in eliminating the infection. Hopefully in safe mode, the infected items will not load up and you can destroy them while they are "asleep".

1 Like

Thanks. Yes I did turn off my System Restore and I have now tried the Malwarebytes. First scan found 17 infections, a couple of downloaders and 15 Vundo infections. It managed to clear them but 4 required a reboot. On startup I reran the scan and it found a further 3 Vundo infections. These were removed and so far I have kept scanning clean with all the scanners I have been trying. There's no unusual activity and I have restarted a couple of times to test it out. The only thing I haven't done is unblocked Windows Updater from my Firewall. Once I have done that I will run for a couple of days scanning regularly then report back.

For a free software package the Malwarebytes is really something.

Thanks for all the help everyone :smileyvery-happy:

Good to hear. Please keep us posted

I am very glad to hear you have been successful. Be sure to run Live Update on your NIS 2008 as soon as possible and run a full system scan daily for the next week.

Also, I would strongly advise against making any online transactions (i.e. entering credit card info) until you are absolutely sure your system is clean. I would wait at least a week or more and that is after running scans regularly during that time.

Best Wishes.

Phil

N.I.S. 2008 has Crimeware Protection which Blocks Programs which try to obtain your Usernames, Passwords, etc., a.k.a. Online Transactions, so there is no need to worry. Make sure this is Turned On. To do this, follow these Steps: Open Norton Product > N.I.S. tab > Settings > Transaction Security > Crimeware Protection.

Also, I would advise Running LiveUpdate Manually every few hours and doing Full System Scans at least twice a week; if you have Automatic LiveUpdate On, change this to Express Mode. To do this, follow these Steps: Start > Control Panel > Symantec LiveUpdate > 01. General Tab > 02. Automatic LiveUpdate (Two Hours).

Message Edited by Floating_Red on 07-17-2008 11:54 PM

Thanks everyone. I do already have the Crimewatch protection on but it's a very good call.

I just finished running another round of scans in Safe Mode following the advice given here and it picked up something called Rogue Installer which looks to have been resident since the early attacks but has now been removed. Everything is continuing to scan clean.

It just goes to show that once you have been hit you need to respond with multiple scans repeated in quick succession, minimise time on the Internet, scan regularly in both Windows Normal and Safe Modes. Most importantly, seek the help and support of others.

Thanks again for all the help

Well done.

It sounds like you did it!

1 Like