I get popups in IE on like every other link I hit. I've read up on the forums here and have followed the advice Bananafanafo gave another victim below. I've used Ewido in safe mode and got this as my scan report:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 1:13:00 AM, 5/2/2005
+ Report-Checksum: 3CEE7CF5
+ Date of database: 5/2/2005
+ Version of scan engine: v3.0
+ Duration: 24 min
+ Scanned Files: 42263
+ Speed: 29.05 Files/Second
+ Infected files: 4
+ Removed files: 4
+ Files put in quarantine: 4
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\HijackThis\backups\backup-20050501-231132-149.dll -> Trojan.Delf.cf -> Cleaned with backup
C:\HijackThis\backups\backup-20050501-231419-658.dll -> Trojan.Delf.cf -> Cleaned with backup
C:\WINDOWS\system32\mr0.exe -> Trojan.Delf.cf -> Cleaned with backup
C:\WINDOWS\system32\zww7ka.dll -> Trojan.Delf.cf -> Cleaned with backup
::Report End
Does this mean my troubles are over? Or is there more I can do?
The zww7ka.dll is the super pain. I tried deleting it in every way possible and it just kept coming back. Grrr.
Thanks in advance for any help
Edit: I noticed the Zww7ka.dll still tries to get in but Ewido Security Suite guard catches it. Oddly enough, it doesn't try to get in untill I open Internet Explorer.
Edited by enzoblue, 03 May 2005 - 01:32 AM.