And once you get rid of it, how do you keep it from coming back?
How did the Bitdefender boot disk go?
From inside the Native OS (these are not bootable solutions):
Kaspersky AVPTool is a cleanup engine (manual scanner, limited-time use). DLD and install per normal settings. Run the scanner (if you next'd through the install, it will be on your desktop) After completion it will ask to uninstall.
**NOTE** If you say NO, it will remain... One can run it again from within it's folder on your desktop. But it MUST, MUST, MUST be run again/quit, w/ ask uninstall... Choose YES to uninstall. OTHERWISE, if the uninstaller isn't used, it will leave a low-level driver running in your box. DO NOT just delete it's folder.
ELSE, just choose "YES" to uninstall in the first place.
Each time it is installed, it will have a different and unique name... This is normal, so that bugs can't detect it by it's name. Not to worry.
REF: http://avptool.virusinfo.info/en/
NEXT Option:
WebDoctor Cureit is similar in function to KAV's AVPTool, in that it is a single DLD package. But it is simpler to use - Just DLD the executable and run it to fire up the scanner... Delete the executable when done.
WebDr Cureit is a pretty good scanner, but it is usually my last resort... It detects brilliantly, but very aggressively, and can come up with false positives. Be careful if it is giving you "generic" or "maybe" labeled names... It's a crapshoot as to whether they are really infected IMHO.
Try those and see. Best to run them from safe mode if you have it. Then see what is next...
And once you get rid of it, how do you keep it from coming back?
Windows: SP-3. Newest IE (whether you use it or not, PS: Don't use it, see below), Newest Media Player (whether you use it or not). ***ALWAYS ALL UPDATES***.
Firewall: Meh. At LEAST Windows Firewall running. More than that is questionable, especially if you are behind a router.
AV (Choose ONE from below):
Norton, Mcaffee, Trend... All are POO. Discard, slap upside head for being a dumba$$.
NOTE: McAffee and Norton do not uninstall cleanly, and you must find their respective uninstallers and run them AFTER normal uninstall/restart. Otherwise, many other AV's will not install due to their vestiges.
Everything below (except F-Protect) can be found at http://www.filehippo.com, mostly in the "Anti-malware" section.
For $$, the very BEST is Kaspersky Anti-Virus (Don't need the full Internet Security version) For multiple machines, find a local dealer that can set you up with corporate KAV (way cheaper). Extremely effective, but can be heavy (fat) on older machines.
Next best, NOD32 by Eset - Though if multiple machines, this gets spendy fast... Very effective, but it is very light-weight
Next best: F-Protect: Just about as good as above, but killer good deal for multiple boxes... $30 per year buys 5 seats. Very effective, pretty light-weight. This is my house brand, though I use Kaspersky on my server and test-benches.
Honorable mention: Sophos, BitDefender.
ALL of the above have 15-30 day trials, so try them and see which you prefer. ONLY ONE AV running on the box at a time
If $$ is a problem, FREEWARE:
Microsoft Security Essentials - Excellent protection, and probably the best AV at finding Rootkits. I run this on my laptop. NOTE: Requires Activated/Genuine Microsoft, so if you are running bandit, nevermind.
Avira Antivir (personal free): Excellent, but does not include an e-mail scanner. If you use only web mail (Yahoo, Gmail, hotmail, etc) this is a fine solution.
SPYWARE:
MUST HAVE Spybot Search and Destroy. Doesn't detect everything, but what it does, it does very well. Also has good adv. tools for start-up management, HOSTS file, etc. Note: turn off "tea-timer" on install.
AND
SuperAntiSpyware; Super all-around at spyware detection. If you are a malwarebytes fan, this could be skipped - But I think SuperAntiSpyware is better.
CLEANER:
CCleaner dumps all caches and trash with the push of a button. MUST HAVE.
Operation:
Only the AV runs in background. all others are manual scanners. So you have to run them once a week or so.
Running CCleaner first removes cookies and temp stuff, so any hits with the anti-spyware/anti-virus will be serious ones... So pay attention:
1.CCleaner
2.Spybot S&D (Update, immunize, scan, fix)
3.Superantispyware (Update, scan, fix)
4.Antivirus, (manual update, manual scan, fix)
Finally, for web browser, use Firefox, or Opera. Do not use IE for surfing, though it is fine for sites you know are safe. Preference is Firefox.
For Mail, use Thunderbird, Eudora, or Pegasus. Avoid OE and Outlook, UNLESS you have a PIM that you sync to your box. Preference is Thunderbird.
Browser and mail are important. IE and OE/Outlook use ActiveX, which is a sorry way to go. Install Sun Java, and most sites will use it instead, but even displaying a message in a preview pane in OE\Outlook can get you infected (Preview uses ActiveX), and most drive-by scripts use ActiveX code to infect.
Ancillary:
Newest Adobe Flash (two installers, one for IE, one for Firefox/Opera.
Newest Adobe Shockwave (if Shockwave is installed)
Newest/update Java