I did my best to follow the "required reading" protocol above.
A few notes:
System restore turned off.
Unable to update Windows as whenever I try to go to the site I get "Internet Explorer cannot display the webpage."
McAfee shows fully protected in normal mode, everything is turned off in safe with networking mode. Unable to "fix" as when I hit fix button, it loads then gives error message.
Tried updating DAT and cannot as says unable to verify source. Similarly cannot download virtual technician.
McAfee scan in normal and in safe shows Spy-Agent.BW.GEN!MEM Trojan found, but says removal terminated. Also says no action needed.
Tried Stinger in both normal and safe mode, found nothing...
Tried Stinger as suggested with report only, scan folder off, and heuristics very high, and reported Artemis!9D7C7E195F65 Trojan found.
Unfortunately, this is as far as I've been able to get, and I'm about at the end of my puny computer knowledge!
Thanks for any help offered!
What sort of symptoms are you seeing on the machine?
Also could you search for a file called pdfupd.exe (should be in a directory ending in /local settings/temp) and delete it if it's there?
Can you try running stinger again in report only mode and 'very high' on the heuristics level and then post up the report?
Finally, you might want to check the host file to see if it's been modified via the typical location of C:\windows\system32\drivers\etc\ then file 'hosts'. Typically malware will try to block users from accessing certain sites by changing this host file to block access.
Edit the "hosts" file with the Notepad application to see if there are any additional entries beyond the standard template like below:
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
# 220.127.116.11 rhino.acme.com # source server
# 18.104.22.168 x.acme.com # x client hos
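The hosts-file check described in the reply above, as an added example that is not part of the original thread: a Python sketch that lists every active entry beyond the stock localhost mapping and flags names pointed at a loopback or 0.0.0.0 address. The sample file contents and the example-av.test and corp.test hostnames are constructed for illustration.

```python
import ipaddress

# Constructed sample: two lines of the stock template plus made-up entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# 220.127.116.11 rhino.acme.com # source server
127.0.0.1       localhost
127.0.0.1       update.example-av.test   # constructed entry
0.0.0.0 www.example-av.test download.example-av.test
10.0.0.5        fileserver.corp.test
not-an-ip       broken.line
"""

STOCK = {("127.0.0.1", "localhost"), ("::1", "localhost")}
BLOCKED = "name pointed at the local machine (site effectively blocked)"
EXTRA = "extra mapping, confirm it is intended"
MALFORMED = "first column is not an IP address"

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each active (non-comment) mapping."""
    for no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comment, split columns
        for name in fields[1:]:                # one IP may carry several names
            yield no, fields[0], name.lower()

def review_hosts(text):
    """Return (line_no, hostname, ip, reason) for every non-stock entry."""
    findings = []
    for no, ip, name in parse_hosts(text):
        if (ip, name) in STOCK:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((no, name, ip, MALFORMED))
            continue
        local = addr.is_loopback or addr.is_unspecified
        findings.append((no, name, ip, BLOCKED if local else EXTRA))
    return findings

if __name__ == "__main__":
    # To check a real machine, read the file the reply names instead:
    # open(r"C:\windows\system32\drivers\etc\hosts").read()
    for no, name, ip, reason in review_hosts(SAMPLE_HOSTS):
        print(f"line {no}: {name} -> {ip}: {reason}")
```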
Following helpful advice from paullation and AlexSha, this is what worked for me:
1. Start Windows in safe mode with networking
2. At resulting black screen (virus stopped explorer loading on startup) CTRL+ALT+DEL and then file/new task/explorer.exe to reveal the icons on my desktop
3. Launch IE and download Malware Bytes
4. Install Malware Bytes and update DAT file
5. Quick Scan
6. Hey presto: files identified and quarantined.
Hope this also helps you