Hello/Introduction

First time, after 10+ - 15 years of online experience, that I've had a serious problem.

First was on my wife's laptop (WIN XP). Her first complaint, last weekend, was windows shutting down unexpectedly. There would be a host services error, then an error regarding DCOM services launcher stopping unexpectedly and a countdown to windows shutting down. It appeared to happen roughly 10-15 minutes after booting up. Turning off wi-fi would prevent the shut down cycle.

Then when trying search on the DCOM error, I found that the browser (IE Eight) would redirect to various "shopping" web sites when clicking on a search result link. When mousing over the link, the correct URL would show in the status bar. When clicking on a link and watching the status bar, I would see a URL with a .cn domain, before the browser redirected to the final URL.

I ran scans with Microsoft's Malicious Software Removal Tool, Malwarebytes, and a Norton, and all were negative. Lastly, I ran SuperAntispyware. It detected tracking cookies only. I scanned quickly down through the tracking cookies, and they were indeed cookes, at least as shown by the application. I decided to remove while I was at it, and then rebooted the laptop. The laptop after that did not boot up. It crashes when starting windows, I see the blue screen, and then it displays the screen that gives the options to start in safe mode, etc. That's where I left it.

A day or two later, my wife noticed that the Norton Identity Safe wasn't functioning on our desktop. I took a look and observed that all the icons were gone on the Norton toobar, and Norton Internet Security was not running. I clicked on Norton Internet Security icon on the desktop, and it wouldn't launch. I rebooted the computer, and observed that Norton did not start. There was no indication from Norton that there was a problem prior to this, and Windows Security Center did not alert that the ant-virus was off. I had run Malicious Software Removal Tool and Norton, Malwarebytes and Norton in the days before when my wife's laptop had the problem, and all were negative every time. I later ran Malwarebytes quick and full scans in safemode and it was negative again.

I know we are SOL. I formatted the desktop and reinstalled system software from a recovery disk. I haven't done the laptop yet.

So, I'm trying to get better educated. I've been online for 10+, maybe 15 years, and nothing like this has ever happened to us. I don't know when or how we got infected. The only thing the desktop and laptop have in common is my wife. We have a netbook which I use a lot and which I'm using now, and it is on the same internet connection as the other two, and it is not showing any symptoms of malware and scans are negative. I've tried to learn about msconfig and netscan, and as far as I can tell the netbook is not phoning home. I think it is clean, but now I'm worried there is no way to be sure.

I found this site beginning at a microsoft forum and following interesting links.

 

Thanks. That article will take some time for me to digest. I've bookmarked it to read after work.