Hello. I'm an Avast! Home user, the free edition.
Thursday, December 4, I suffered a pretty devastating virus/worm attack. I will probably end up re-installing everything from scratch, but I wanted to run this past you guys, as well as some odd behavior that preceded the attack -- it may or may not be related.
On Thursday, November 27, when I started my computer, Windows XP SP3 popped up an alert that my antivirus program was out of date. I opened Avast!, but it reported that it was fully up to date. I eventually discovered that my computer's clock was showing the wrong month -- it showed the correct time of day and date, but it was showing December instead of November. I assumed it was a flaw in Windows and reset my clock.
Exactly one week later, on December 4, when I turned on my computer and ran Ad-Aware, it showed one of my programs to be a Trojan. I've had the program for a year, but had not used it in 6 to 8 months. Since I was confused by the report I (unfortunately) did not delete or quarantine it. Instead I ran Malwarebytes Anti-Malware. I immediately began getting alarms from Avast! about new Trojans being found, and too many identical outgoing emails. MBAM eventually stopped the active attack.
I ran MBAM again, Spybot S&D, and SUPERAntiSpyware -- as well as Avast! All scans are coming up as "no infected files found" ... but something is definitely going on.
My continuing obvious symptom is that Google searches are often, but not always, redirected. The redirection often passes through sites that are reportedly involved in cyber-crime.
Other than that, SUPERAntiSpyware acts ... strangely ... when scanning my Registry. It increments a file counter as it scans each file but, when it gets to a certain count in my Registry the filenames begin to fly by very quickly, but the file counter does not increment. What I can catch of these uncounted filenames includes some of the sites I've been redirected to, as well as sexually explicit names, and words like "porno" and "poker." After 5 to 10 minutes of this the file names slow down and the file counter begins incrementing again.
Then, on Tuesday, December 9, I got 6 automatic updates from Microsoft. They seemed legitimate. When I booted up after the updates were downloaded my destop was replaced with a white screen warning me that Windows had encountered an unexpected error and was turning off my active desktop as a precaution.
So, something is still wrong.
I am waiting for someone else to check my HijackThis logs, but I'm assuming I will need to do a format and full system reinstall.
Mostly, I wanted to report this.