I'm unable to remove a Trojan from my computer (and also that of a colleague). I think it came from a compromised Drupal website which had 5 malicious PHP scripts (now removed).
I have run several anti-virus scans on my computer (Panda, AVG, Malwarebytes, HijackThis, and RKill), emptied my IE cache completely, installed all of the important Windows 8.1 updates, and run "sfc /scannow" to check my Windows system files.
However, when I open the previously compromised website in Internet Explorer, it returns a garbled set of characters that is much longer than this example:
<div id="mozxnfsbmtzz" style="position: absolute; top: -1333px; left: -1818px">bccfbh dwbzahc. (and so on) </div>
If I open this website in Safe Mode, I don't have a problem.
AVG has found a JS-Redir trojan (often txt files in the AppData../InetCookies directory); however, after removing it, it keeps coming back.
I've repeatedly checked the various Windows processes that are running, and also reviewed the Pandora Process Monitor to see what websites are being opened, and found nothing suspicious.
I'm running Windows 8.1 in Administrator Mode.
I'm pretty sure there is a malicious service that is running which keeps reintroducing the virus into my computer, but I haven't been able to detect it.
I'm wondering what I can do, short of reinstalling Windows?
I am considering some kind of plan where I start off booting with the bare minimum of Windows services, and keep adding services until the virus comes back.
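
A check for the symptom described in the post, as an added example that is not part of the original post: it scans HTML (a saved copy of the served page, or a template file from the site) for elements that inline styles push far off-screen, like the quoted `<div>`. The 500px threshold, the function names and the sample page are assumptions constructed for this illustration.

```python
import re
from html.parser import HTMLParser

# Assumed threshold: offsets this far off-screen (in px) count as hidden content.
OFFSCREEN_PX = 500
_PX = re.compile(r"^(-?\d+(?:\.\d+)?)px$")

def parse_style(style):
    """Turn an inline style string into a lowercased {property: value} dict."""
    props = {}
    for decl in (style or "").split(";"):
        name, sep, value = decl.partition(":")
        if sep:
            props[name.strip().lower()] = value.strip().lower()
    return props

def px(value):
    """Return a pixel length as float, or None if the value is not '<n>px'."""
    m = _PX.match(value or "")
    return float(m.group(1)) if m else None

class OffscreenFinder(HTMLParser):
    """Collects (tag, id, line) for absolutely positioned off-screen elements."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = parse_style(attrs.get("style"))
        if style.get("position") not in ("absolute", "fixed"):
            return
        offsets = [px(style.get(k)) for k in ("top", "left")]
        if any(o is not None and o <= -OFFSCREEN_PX for o in offsets):
            self.hits.append((tag, attrs.get("id"), self.getpos()[0]))

def find_offscreen(html):
    finder = OffscreenFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample page built around the snippet quoted in the post.
SAMPLE = """<html><body>
<div id="header" style="position: absolute; top: 0; left: 0">Menu</div>
<div id="mozxnfsbmtzz" style="position: absolute; top: -1333px; left: -1818px">bccfbh dwbzahc.</div>
</body></html>"""

if __name__ == "__main__":
    print(find_offscreen(SAMPLE))
```

Hits are leads to review, not verdicts: accessibility helpers such as skip links also position text off-screen.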