Hi, i'm usually pretty good about handling virus's and about what sites to go to and what not, for a while, i've used lavasoft ad-aware and AvG free edition. About a week ago, while I was reading manga on a website called mangavolume, I noticed clicking, that wasn't cued by my mouse seeing as I didn't have my hand on the mouse, the clicking would continue, so I ran a scan via ad-aware, found some spyware, removed, clicking continued, ran a scan with AVG, at the time was still 7.0, it found nothing, upgraded to 8.0 a day later, also from another virus viewboard, installed malwarebytes malware removal, it found some virus's, a couple trojan clickers, mostly agents, and a couple downloaders. I had tracked down the file to windows\system32\config\cookies -> index.dat, which would be 32 kb, instead of the usualy 16kb, and would create text documents, there are alot of different names for these documents, such as ad@doubleclick etc, eventually I deleted the index.dat through safe mode, and that specific one never bothered me again and remains inactive and at 16 kb since. Recently though, in C\documents and settings\ localservice\cookies this happens again. I'd like to add that when I went to sleep the first night and it continued to make files, when i woke up it was playing sound advertisements, really poor quality speech, i didnt have my headset on so i dont know what they were about. I havent had the problem since i deleted the txt documents. In relation to my problem now, going into safe mode, deleting index.dat, doesn't really work, the virus or w/e it is, either A) Starts up again with the cued clicking and txt document making right away, or remains at 16 kb for several hours, upon switching to 32 kb and doing the same thing. When it is idle, scans with ad aware dont come up with much, malware bytes find one file and doesnt find it again until the virus problem starts again, that file is C:\\Windows\System32\comsa32, when the file starts up again, I can find 13 virus's, always the same 13, ad aware always find 2 registry values, the same ones, but they are removed and they cant be found again since they've been deleted, until the virus restores them. The thing that recently started happening, when I deleted text documents before, they would remain there, I could go into the folder before and always see them, when it makes them now, if now deleted within about 5-7 seconds they become invisible, I have view hidden files and folders checked, and always unchecked hide system files etc. The creates new copies of the hidden ones so the new ones have brackets, [1], [2] etc, i havent seen it higher than two, where they are hiding i dont know, ive checked other cookie folders, ive found one in networkservice, my own specific thing... correction i just checked.. here before this folder was EMPTY! C:\Documents and Settings\Petteri Bennett\Cookies has 32 kb index.dat, and 4 txt documents NO CLICKING SOUND at all today from start up from safe mode, ive been keeping it in safe mode running scans while I sleep so it doesn't gain progress or w/e while im unable to monitor it. Please I think i've listed all the problems ive faced, help me find out how to combat this virus!!!
Also! about the 4 txt documents in C:\Documents and Settings\Petteri Bennett\Cookies I don't know whether they are bad or not, language
english
steampowered.com/
1536
3476996480
30024370
1444455280
29950945
*
is what is found inside petteri_bennett@steampowered[3] &[2].txt and also in the other txt documents... are these also bad I scanned them and they didnt find anything... I was talking to my brother just a bit ago as well, he said it might be a worm, instead of a virus, he doesn't know though he hasn't had an experience like this before either, but yeah... ; ; hopefully someone can tell me what I need to do for this.
Edited by leviathan120, 21 August 2008 - 06:28 PM.