spyware help

[zhon]

Im Infected by a new spyware or a malware or a worm perhaps Im not so sure, but it has disabled my task manager and occasionally a window pops up that looks like a scanner that has a label "network security" and the page color is mostly red and it also have a meter that shows what degree the infection is, and if it pops up it goes with internet explorer that shows the page that looks like the windows xp security center and wherever you point the mouse it changes the cursor to a link pointer. I scanned the system with AV but it detected nothing, I tried to scan using AVG and it did found out like 30+ things of spyware and malware but the popping up issue is still there. And also it created a desktop wallpaper that overlaps my own wallpaper where on the fake wallpaper you can click to a link that says "scan now", I installed windows defender and it did found out some spyware too and well it did remove the fake wallpaper but the popping windows is still there, what im really worried is that my task manager is not working anymore (cant access using ctrl+alt+del). So if someone out there has an experience about this issue any advice will really be appreciated. I will try to fix this using different on line scanners and see what I can bump into. if nothing will work I guess its time to reformat again, whew... sounds like theres a lot of work to do.

Help 

[Spiritsongs]

   Hi :

  You MAY have a "rogue" on your computer !? To check out that possibility,
  use the FREE "RogueRemover" from
  www.malwarebytes.org/rogueremover.php  .

  SPECIFICALLY, What are the Names of the antispyware/antitrojan program(s)
  on your computer ?  IF you have none, I recommend the FREE Version of
 "SUPERAntiSpyware" from www.superantispyware.com .

[Lisandro]

I suggest:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on.
4. Use SUPERantispyware and/or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
6. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.

[areynaldos]

I got the same problem today: task manager disabled, so I suspected a virus.

Luckily I had installed another process manager (TuneUp Utilities) so I was able to locate the offending process: RJKFFARG. Although that was the name of the process, it was mapped to WIN32.DLL in the windows\system folder.

As I am familiar with the processes that run in my computer, I killed the RJKFFARG and proceeded to restore the Task Manager through the registry.

Then I ran SuperAntiSpyware as suggested here, and it found Adware.Vundo-Variant/Small-A in the computer... And the related files were... RJKFFARG.DLL!

So now I'm sure this was the problem. I use SpywareBlaster, Lavasoft Ad-Aware and Avast! Antivirus...

This is the second infection that I get when using Avast. The first one was the AMVO virus... Can someone please comment on why Avast is letting this infections through?

[Spiritsongs]

   Hi Areynaldos :

  New "Vundo" varients are being developed every day . Every time I run a
  SUPERAntiSpyware Definition Update, it seems there are always "Vundo"
  included in the "List" . Very difficult, if not impossible, to keep up .
  Perhaps you should run the FREE "VundoFix" available from  http://vundofix.atribune.org/ on a regular basis, making sure you follow the
 "Normal Usage for Removal:" Instructions !?

[Lisandro]

Can someone please comment on why Avast is letting this infections through?

Because not a security software is perfect... maybe you have disable some protection from avast... maybe...
Hope that you follow the steps I've posted before on reply #2 too.

[areynaldos]

Thanks Tech. I use AVG antirootkit, and yes, I also use Spyware Blaster. Because of the previous AMVO infection,  I set all my Avast settings to HIGH... but still got the virus.

I will run the other antirootkits that you mention, just in case 

[Lisandro]

I set all my Avast settings to HIGH.

Seems that avast should improve detection, period.