[bergsa]

A buddy asked me to help clean up his PC. What a mess!

I have run Spybot, ewido, spy sweeper, Norton Antivirus and ScanSpyware. Each has deleted something, totalling a couple hundred items (look2me, drdownload, Vundo, WinHandler, cookies, contaminated restore points, etc.) Which left the tough one...

After the final All Clear, I rebooted. The desktop repainted, then hung for a couple of minutes. A system command window appeared in the upper left. The task manager showed "project1" as an application. When it closed, I was bombarded with a popup or popunder at least once per minute. Typical host sources were amaena, zip404, etc. There was even a Macromedia Flash object that popped up dead center on the screen.

I ran the checkers again and suddenly had over 200 malware items. My suspicion is that the checkers missed one trojan activated on boot that immediately downloads MANY malware items, reversing hours of scans in a few minutes. I'm going over to my friend's house now to run some new scans.

So, if I post a HijackThis log in the next message, will you suggest a fix?

Thanks!

Scott

[Advertisements]

Hi bergsa

Welcome to G2G!

Please do this:

* Click here to download HJTsetup.exe

• Save HJTsetup.exe to your desktop.
• Doubleclick on the HJTsetup.exe icon on your desktop.
• By default it will install to C:\Program Files\Hijack This.
• Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
• Put a check by Create a desktop icon then click Next again.
• Continue to follow the rest of the prompts from there.
• At the final dialogue box click Finish and it will launch Hijack This.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

[Flrman1]

Hi bergsa

Welcome to G2G!

Please do this:

* Click here to download HJTsetup.exe

• Save HJTsetup.exe to your desktop.
• Doubleclick on the HJTsetup.exe icon on your desktop.
• By default it will install to C:\Program Files\Hijack This.
• Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
• Put a check by Create a desktop icon then click Next again.
• Continue to follow the rest of the prompts from there.
• At the final dialogue box click Finish and it will launch Hijack This.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

[bergsa]

Well, after another three hours of mind numbing scans, I think I have it licked.

I ran ewido overnight and it found a couple of things and fixed them. An apparent side effect was that the network link went offline due to a failure to get an IP. All that went away on reboot. Then I ran a couple of other removal programs and found a few more minor items.

The PC is up and running. There may be one popup ad virus left, but at least the PC is usable again, and with quite a performance gain.

I'll keep this place in mind!

Thanks!

Scott

[Flrman1]

You should still post the Hijack This log.