I've tried ad-aware, winpatrol, spysubtract (which came with my PC), and norton. I have even tried manually hunting for files I -know- are suspcious and terminating them on sight. This this is still cropping up and at this point I'm not sure what more I can do.
The manner of infection I know. I was on AIM one day and I got a message from my friend with a statement similiar to "Is this you in this picture?" and it had some site like
Edited to remove link to malicious files. Please do NOT post links here that could unwittingly infect our other users.
Sadly. We were talking about pictures just the other day, unfortunatly I didn't notice the .com So now this thing is on my PC. I know it seems to activate when I get an ISP connection, because in my C:/ DIR it pops up files:
m1t.exe (the first one it loads)
There's also one other with a big name that I can't recall atm (the others I took a picture of).
This thing also seems bound and determine to hijack firefox as well. It has created a duplicate shortcut (named: Firefox (2)) which completely lacks all my bookmarks. It uses that to spam me with completely unwanted spam.
I apologize profusely if I have missed anything on the forums related to this that I could have tried. I am not the most perceptive person and everything I saw here I thought I could use to help myself (and even some things that weren't that I thought might). But I'm not sure what to do at all about this. I also have hijack-this (I have been here once before for a smitfraud problem and had it removed by following instructions here), but that's abit more than I can comprehend with my comparativly limited computer knowledge =/
If anyone can help me at all It would be greatly, greatly appreciated. Thank you a bundle and then some.
EDIT: A note on the most recent bugger. It appears to make pop ups that do not require a browser, nor are nessecarily in the 'traditional' box shape. I'm not sure if it's related but it's obviously spam
EDIT: Apologies for that scare >.>; That was not the offical link. I stated "Something like" because I don't even remember. The important part of that message was that it was a link to a file called Pictures_17.com It also does something with a socks8.exe too
Edited by Ahzagothis, 28 November 2005 - 06:24 AM.