[Daemon]

Oh man - you typed all that

Didn't really help much. Do this for me. Click here to download CWShredder. Check for an update then run it, hit 'fix' as opposed to 'scan only'. Reboot when done.

Click here to download Spybot Search & Destroy v1.4 - install, update, scan and fix all RED items it finds. Reboot when done.

Click here to download Ad-Aware SE and install. Before scanning click on "check for updates now" to make sure you have the latest reference file.

• Click "Start"
• Select "Perform Full System scan"
• Click "Next" to start the scan.

When the scan is finished, the screen will tell you if anything has been found.

• Click "Next". The bad files will be listed.
• Right click the pane and click "Select all objects" - this will put a check mark in the box at the side.
• Click "Next" again
• Click "OK" at the prompt "# objects will be removed. Continue?".

Reboot when done.

Click here to download Microsoft AntiSpyware Beta, check for updates and run it. Reboot when done.

Click here to download ewido security suite - it is a trial version of the program.

• Install ewido security suite
• When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
• Launch ewido, there should be an icon on your desktop double-click it.
• The program will now go to the main screen

You will need to update ewido to the latest definition files.

• On the left hand side of the main screen click update
• Then click on Start Update

The update will start and a progress bar will show the updates being installed. If you are having problems with the updater, you can use this link to manually update ewido. Then:

• Click on scanner
• Click on Complete System Scan and the scan will begin (do not open any folders or open the windows control panel while the scan is in progress).
• While the scan is in progress you will be prompted to clean files, click OK
• When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
• Once the scan has completed, there will be a button located on the bottom of the screen named Save report
• Click Save report.
• Save the report .txt file to your desktop.

Now close ewido security suite.

Let me know what was found and post the ewido log here.

[Advertisements]

hi! I followed all your instructions as instructed..............everytime i restart my pc since following these instructions, Norton Antivirus pops up saying they have detected a virus and have removed it.......the same virus everytime.
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:35:17 PM, 09/16/2005
+ Report-Checksum: 2D5906E7

+ Scan result:

C:\directory\backups\backup-20050901-201416-437.dll -> Spyware.Virtumonde : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup


::Report End

Thank You for all your assitance it was greatly appreciated!!
Diane

[Diane86]

hi! I followed all your instructions as instructed..............everytime i restart my pc since following these instructions, Norton Antivirus pops up saying they have detected a virus and have removed it.......the same virus everytime.
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:35:17 PM, 09/16/2005
+ Report-Checksum: 2D5906E7

+ Scan result:

C:\directory\backups\backup-20050901-201416-437.dll -> Spyware.Virtumonde : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\r0jn1gfl.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup


::Report End

Thank You for all your assitance it was greatly appreciated!!
Diane

[Daemon]

It was previously detecting something in stopzilla, but you have uninstalled that. Could you post the exact path to what it is detecting now?

[Diane86]

Sure the exact path is

"The compressed file_43AE91230F5D4026A7E9003A590E5DEF within ?????? within C:\RECYCLER\S-1-5-21-1308477187-2351722726-2175170425-1003\Dc200\SZProFull.mis is infected with the Trojan.StartPage virus"

[Daemon]

Click here to download System Security Suite. Extract it from the zip file into a folder and doubleclick on sss.exe. Check the boxes under the 'Items to Clear' tab and click 'Clear Selected Items'. You will be prompted to reboot, do so. Repeat for all log-in accounts on your computer.

Let me know if that removes it.

[Diane86]

I got a quick question for ya........when you say click the boxes under the "items to clear" tab do you mean all the boxes in that entire section or just the "internet explorer"

[Daemon]

All the boxes except 'User defined folders'

[Diane86]

Hi Daemon i think that solved the problem! I ran Norton Antivirus and it didn't detect anything.

Thank You for all you help! I appreciate it very very much

[Daemon]

You're welcome - glad to help

To help keep you clean follow the recommendations in Tony's article here:

So how did I get infected in the first place?



As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.