Yesterday I got hit with a trojan. I am running Windows XP Pro SP3, using ZoneAlarm version 8.0.298.000 (free) and Symantec Endpoint Protection AV. I also have SpywareDoctor (free version), WinPatrol (free), AdAware and SuperAntiSpyware (free). I cannot visit websites like Windows Update, malwarebytes.com or uninstall-spyware.com, and cannot update any anti-spyware. All updates are blocked - Malwarebytes gives me an error message with error 732(12009, 0); the others just say I should check my settings. I can, however, get to most other websites, and I can download programs so long as they are provided on a third-party website where I can right-click and save them. Using this method I downloaded Malwarebytes and Trend Micro's RootkitBuster beta. I am able to run these programs. RootkitBuster and Symantec find no problems.
AdAware and WinPatrol saw the thing on the way in; AdAware removed some of it, WinPatrol blocked it from running (more than it already had), and Malwarebytes removed a bit more (see below). From the WinPatrol history, the troubles were most likely initiated with Cwf, CWG and/or FJ5MWNZTHI.
From Malwarebytes log (3 problems):
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\00000244.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully
-> Quarantined but not removed
I think it is the Renos hoax, and obviously the thing is still in my machine, because I cannot update my security programs and cannot go to the Malwarebytes or Windows Update websites. I can post HJT and/or DDS logs, but cannot run GMER - my computer freezes.