If you can get onto another computer, use a USB flash drive and install MalwareBytes on it, then change the name of the mbam.exe file to something else so that it can't be deleted, then try to run it on the infected machine, update it, and run a scan. It should help free Task Manager if anything.

I should probably get around to making a folder full of virus combating programs. Googlefix is excellent to stop the redirecting BS, but I have a very hard time finding the actual program online nowadays.

____________________

Originally posted by Pandaren

---

I'll have to give Malwarebytes a try when I head home for the weekend again. :/

---

I'll also try and see if I can get together my collection of virus/annoying unwanted changes programs together and upload it somewhere. You might need a couple more as well, though these things are a bitch to find sometimes. LIke I said, Googlefix is very useful.

____________________

788?!

Holy shit, my attack earlier this year only had about 50, 100 tops. :U

Yeah, keep running the scanners, one at a time, restart, update, scan again, etc. If anything, it should keep the bug down.

Also, you mentioned ZoneAlarm. This family has had that program for over 10 years now, and if I recall correctly, the aforementioned attack was the only major event that has happened, security-wise. Great program, and I highly recommend it to anybody who doesn't have a low-end machine (So anyone with above 750 MB of RAM and more than 1.25 GHz processing power, if I recall my dad's specs correctly. It works, but it slows down the computer significantly.)

Anyway, there may be things that keep coming back, so first make sure you're doing the deepest scan ZA has to offer (For me, it's under Anti-Virus> Advanced Options Button> Scan Modes> Then the radio button for Super Scan, which includes a root kit scan). If things are still popping up or if you already have that on, go into Firewall, then Advanced Options for Internet Zone. Under Medium Security settings, check and select the following options and ports to block traffic from:

Incoming NetBIOS from ports 9-137 to 445
Incoming ping (ICMP echo)
Other incoming ping
Block incoming IGMP
Incoming UDP ports: 9-137, 445
Incoming TCP ports: 9-137, 445

There may be programs that you use that may need certain ports in the blocked ranges to function, so check on all the major ones and which port they normally connect to the Internet on, and see if you can change it. If not, you can simply edit your settings to allow it. For some reason, I kept getting backdoor things popping up, but once I blocked these ports and killed those files with a scan, they didn't come back. But for whatever reason, your preferences are deleted whenever you reconnect to the network with a new IP (such as when replugging the modem when Comcast decides to be an jerk and kill the connection), and I just learned about this just now, so keep a text file of your settings so if that does happen, you can just retype it all in.

The best thing to do is to make sure all three scans are scanning each day (again, not simultaneous). I went for a near-constant scan attack, but daily can be fine as well. I'd also suggest Spybot S&D (on a flash drive, but I didn't have a problem with it on my machine), and depending on your browser to use the Immunize function, which works on Exploder, Firefox, and Opera. But it does eat away at resources, luckily there an option that can undo Immunization.

I hope any bit of this information can help you at all.

____________________