Not to condemn, or condone -
Each to their own -
I got a NON-ANIMAL SOURCED virus on my computer last year, and I did everything to try and clear it, went to Bleeping Computer, tried RKill, Malwarebytes, SAS, Spybot, nothing worked, nothing. I even put a Linux over the top and tried to pick the file out from there, cos I could see the nasty fucker, lots of numbers, in program files, if I remember right, but it would just come back.
Then I found this:
TDSSKiller - downloadable from here
http://support.kaspersky.com/faq/?qid=208283363

This just walked in, like a big fucking Russian entering the room, and got the fucker in less than 10 seconds, smashed him to bits. After that, you can run all the other Malwarebytes, Spybot, and they'll pick up everything let in on its back. But they hijack the Registry, and Administration, and when they recognise something as a detector, or cleaner, they take it over, stop it from running. If you open Task Manager, Ctrl + Alt + Delete, and look down the processes tab, you might see something with a long string of numbers, might not even have a thingy bit, doc or exe, after it. That's your fucker, but getting rid of it is a nightmare.
It's Kaspersky, which I didn't know at the time, but they are good. Here's their explanation of what it does.
A rootkit is a program or a program kit that hides the presence of malware in the system.
A rootkit for Windows systems is a program that penetrates into the system and intercepts the system functions (Windows API). It can effectively hide its presence by intercepting and modifying low-level API functions. Moreover, it can hide the presence of particular processes, folders, files and registry keys. Some rootkits install their own drivers and services in the system (they also remain “invisible”).
Kaspersky Lab has developed the TDSSKiller utility that allows removing rootkits.
How to disinfect a compromised system
Download the TDSSKiller.exe file on the infected (or possibly infected) computer;
Run the TDSSKiller.exe file;
Wait until the scanning and disinfection completes. A reboot might be required after the disinfection has been completed.
Hope that's some use to you.
And meanwhile, a friend of mine, a very large male 50-year-old tax inspector, got quite annoyed, and called the staff prudes, when he got asked to leave the local library after triggering a virus alert for attempting to access, on the library computers, a hardcore Bulgarian gay porn site he had been told about.
Just thought that might make you feel less alone.