I've had this virus for a few days now and I can't seem to kick it. I have Symantec anti virus, which detects it, but doesn't get rid of it. I've run Ad-Aware and CCleaner, but no change. I downloaded HijackThis and here is its log file. I didn't know what to do next and was wondering if someone could help out, thanks.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:43:13 AM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
[... additional process listings ...]
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E2C2832210359926033AAC
O4 - HKCU\..\Run: [Ffnttut] "C:\Documents and Settings\Max&Lizzy\Application Data\?dobe\i?xplore.exe"
O4 - HKCU\..\Run: [Jgax] C:\WINDOWS\F?nts\w?nspool.exe
O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)
-- End of file - 10520 bytes

Hello, I looked at your log and found these things:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.stcloudstate.edu/exchweb/bin/auth/owalogon.asp?url=https://mail.stcloudstate.edu/exchweb/bin/mail.asp&reason=0
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E2C2832210359926033AAC
O4 - HKCU\..\Run: [Jgax] C:\WINDOWS\F?nts\w?nspool.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)

---------------------------------------------

For this next one, you will have to go into your hard drive and try to delete it. If that doesn't work, you will have to rename it, and then delete it.

C:\WINDOWS\F?nts\w?nspool.exe
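
The triage done by eye in the reply above can be sketched as a small script. This is an added example, not part of the original thread and not HijackThis's own logic; the three heuristics and their reason labels are assumptions chosen to match the entries flagged above, and the sample lines are taken from this thread's log (hex argument shortened) plus one constructed benign entry.

```python
import ntpath
import re

# First four lines come from the log in this thread (the long hex argument is
# shortened); the last line is a constructed benign entry for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B66
O4 - HKCU\..\Run: [Ffnttut] "C:\Documents and Settings\Max&Lizzy\Application Data\?dobe\i?xplore.exe"
O4 - HKCU\..\Run: [Jgax] C:\WINDOWS\F?nts\w?nspool.exe
O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
"""

# "O4 - <body>", "R0 - <body>", ... : section code, then the entry text.
ENTRY_RE = re.compile(r"^(O\d{1,2}|R\d|F\d|N\d) - (.*)$")
# O4 body: hive\..\key: [value name] command line
AUTORUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
# Command line: quoted path, or unquoted path up to the first executable extension.
COMMAND_RE = re.compile(
    r'^(?:"([^"]+)"|(.+?\.(?:exe|com|scr|bat|dll))\b)\s*(.*)$', re.IGNORECASE
)
HEX_BLOB_RE = re.compile(r"[0-9A-Fa-f]{32,}")


def split_command(cmd):
    """Split an autorun command line into (path, arguments)."""
    m = COMMAND_RE.match(cmd)
    if not m:
        return cmd, ""
    return (m.group(1) or m.group(2)), m.group(3)


def check_entry(code, body):
    """Return a list of reason labels (hypothetical names) for one log entry."""
    reasons = []
    # The registry still points at something that is no longer on disk.
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("target-missing")
    if code == "O4":
        m = AUTORUN_RE.match(body)
        if m:
            path, args = split_command(m.group(4))
            # '?' is not legal in a Windows file name, so in a logged path it
            # stands for a character the tool could not render, e.g. a
            # look-alike letter in a folder posing as "Adobe" or "Fonts".
            if "?" in path:
                reasons.append("unrenderable-char-in-path")
            # Executable sitting directly in C:\WINDOWS, started with nothing
            # but a long hex string as its argument.
            in_windows_root = ntpath.dirname(path).lower() == r"c:\windows"
            if in_windows_root and HEX_BLOB_RE.fullmatch(args):
                reasons.append("windows-root-exe-with-hex-argument")
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every entry that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        reasons = check_entry(m.group(1), m.group(2))
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(", ".join(reasons), "<-", line)
```

A flagged entry is a prompt for a closer look, not a verdict: legitimate software also leaves orphaned "(file missing)" entries behind after an uninstall.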
Ok, so I fixed the problems that you suggested. However, I cannot find C:\WINDOWS\F?nts\w?nspool.exe

Here is a new logfile:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:49:00 AM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

C:\WINDOWS\F?nts\w?nspool.exe

-- End of file - 9253 bytes

I'm still getting popups

* Download this file from either of the two below listed places:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
* Then double click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"Max&Lizzy" - 2007-06-02 17:46:49 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Max&Lizzy\Desktop\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

-- Purity Folders:
C:\WINDOWS\FNTS~1
C:\WINDOWS\SKS~1
C:\Program Files\WNSXS~1
C:\DOCUME~1\MAX&LI~1\APPLIC~1\WNSXS~1
C:\DOCUME~1\MAX&LI~1\APPLIC~1\DOBE~1
C:\DOCUME~1\MAX&LI~1\APPLIC~1\SEMBLY~1
C:\DOCUME~1\MAX&LI~1\APPLIC~1\CROSOF~1

((((((((((((((((((((((((((((((( Files Created from 2007-05-02 to 2007-06-02 ))))))))))))))))))))))))))))))))))

2007-06-02 08:20 <DIR> d-------- C:\Program Files\CCleaner
2007-06-02 08:18 <DIR> d-------- C:\DOCUME~1\MAX&LI~1\APPLIC~1\Lavasoft
2007-06-01 14:27 69,632 --a------ C:\WINDOWS\SYSTEM32\lfgif13n.dll
2007-06-01 14:27 57,344 --a------ C:\WINDOWS\SYSTEM32\lfbmp13n.dll
2007-06-01 14:27 462,848 --a------ C:\WINDOWS\SYSTEM32\ltkrn13n.dll
2007-06-01 14:27 450,560 --a------ C:\WINDOWS\SYSTEM32\ltimg13n.dll
2007-06-01 14:27 401,408 --a------ C:\WINDOWS\SYSTEM32\lfcmp13n.dll
2007-06-01 14:27 299,008 --a------ C:\WINDOWS\SYSTEM32\ltdis13n.dll
2007-06-01 14:27 206,336 --a------ C:\WINDOWS\SYSTEM32\ltefx13n.dll
2007-06-01 14:27 163,840 --a------ C:\WINDOWS\SYSTEM32\ltfil13n.dll
2007-05-27 20:36 <DIR> d-------- C:\WINDOWS\pss
2007-05-26 19:21 <DIR> d-------- C:\DOCUME~1\MAX&LI~1\APPLIC~1\GARMIN
2007-05-24 19:01 8,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\grmnusb.sys
2007-05-24 19:01 18,432 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\grmngen.sys
2007-05-24 19:01 <DIR> d-------- C:\Garmin
2007-05-14 18:32 <DIR> d-------- C:\WINDOWS\wfui
2007-05-14 18:32 <DIR> d-------- C:\Program Files\Common Files\wfui
2007-05-10 18:47 <DIR> d-------- C:\WINDOWS\TWF4Jkxpenp5
2007-05-10 02:02 <DIR> d-------- C:\Program Files\Microsoft CAPICOM
2007-05-09 19:31 <DIR> d--h----- C:\DOCUME~1\MAX&LI~1\APPLIC~1\Move Networks
2007-05-09 07:46 63,040 --a------ C:\WINDOWS\SYSTEM32\PnkBstrA.exe
2007-05-08 17:45 <DIR> d-------- C:\Program Files\Trymedia
2007-05-08 17:41 2 --a------ C:\WINDOWS\SYSTEM32\wintsvcc32.exe
2007-05-08 17:39 405,504 --a------ C:\WINDOWS\SYSTEM32\srkey.exe
2007-05-08 17:39 <DIR> d-------- C:\Program Files\Small Rockets
2007-05-04 15:43 22,584 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PnkBstrK.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-02 23:44:14 -------- d-----w C:\DOCUME~1\MAX&LI~1\APPLIC~1\MetaCafe
2007-06-02 17:46:22 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-06-02 14:08:30 -------- d-----w C:\Program Files\Google
2007-06-02 14:02:05 -------- d-----w C:\Program Files\Logbook Pro
2007-05-28 02:22:52 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-09 13:46:49 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-05 17:11:50 -------- d-----w C:\DOCUME~1\MAX&LI~1\APPLIC~1\Ahead
2007-04-05 17:10:21 -------- d-----w C:\Program Files\DVD Shrink
2007-04-05 00:12:35 -------- d-----w C:\Program Files\Common Files\Ahead
2007-04-05 00:10:31 -------- d-----w C:\Program Files\Nero
2007-04-04 23:35:36 -------- d-----w C:\DOCUME~1\MAX&LI~1\APPLIC~1\Real
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 00:27:58 972,336 ----a-w C:\WINDOWS\UNRecode.exe
2007-03-15 00:19:56 95,864 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-03-15 00:19:26 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
2007-03-12 18:51:08 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13 01:05]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 02:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-05-30 19:21]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-30 19:21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 13:33]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 12:16]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 08:21]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 18:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-05 11:14]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-01 10:23]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-14 01:03]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-06-16 13:38]
"QuickenScheduledUpdates"="C:\Program Files\Quicken\bagent.exe" [2006-10-30 06:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-29 23:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
*netsvcs*

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-02 17:50:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2007-06-02 17:50:56
--- E O F ---

That means a whole lot of nothing to me!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:31:44 AM, on 6/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

-- End of file - 8949 bytes

Yes, looks like it might have worked, I haven't had any more pop ups. I haven't restarted yet though

Might seem that way, but I ran my antivirus in safe mode, and it quarantined 4 more adware.purityscan files. Any other suggestions?

You can try AVG Anti-Spyware. It is good software.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/

* Install AVG Anti-Spyware by double clicking the installer.
* Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
* On the main screen under Your Computer's security.
  * Click on Change state next to Resident shield. It should now change to inactive.
  * Click on Change state next to Automatic updates. It should now change to inactive.
  * Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
  * Wait until you see the Update succesfull message.
* Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
* Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

If you are having problems with the updater, you can use this link to manually update ewido. AVG Anti-Spyware manual updates. Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

=============

Restart your computer to Safe Mode.

1. If the computer is running, shut down Windows, and then turn off the power.
2. Wait 30 seconds, and then turn the computer on.
3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
4. Ensure that the Safe Mode option is selected.
5. Press Enter. The computer then begins to start in Safe Mode.
6. Login on your usual account.

=============

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.

* Click on Scanner on the toolbar.
* Click on the Settings tab.
  * Under How to act?
    * Click on Recommended Action and choose Quarantine from the popup menu.
  * Under How to scan?
    * All checkboxes should be ticked.
  * Under Possibly unwanted software:
    * All checkboxes should be ticked.
  * Under Reports:
    * Select Automatically generate report after every scan and uncheck Only if threats were found.
  * Under What to scan?
    * Select Scan every file.
* Click on the Scan tab.
* Click on Complete System Scan to start the scan process.
* Let the program scan the machine.
* When the scan has finished, follow the instructions below.

IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.

* Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
* At the bottom of the window click on the Apply all Actions button. (3)
* When done, click the Save Scan Report button. (4)
  * Click the Save Report as button.
  * Save the report to your Desktop.
* Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot in Normal Mode.

Please post AVG scan report.

I tried to follow your directions as best I could. But every time I restarted the computer in safe mode, it said that there was an error with AV and that I need to re-install it. I did that 3 times, tried different combinations of the instructions that you gave me, but none of them worked. So I just ran the program after installing the updates and it came up with this:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:06:14 AM 6/5/2007

+ Scan result:

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP311\A0014523.exe -> Adware.Virtumonde : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP311\A0014525.exe -> Adware.Virtumonde : Ignored.
C:\Program Files\Common Files\wfui\wfuid\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@lenovo.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@rotator.dex.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@atdmt[3].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@casalemedia[3].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@ehg-bestbuy.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@revsci[3].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@statse.webtrendslive[3].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Max&Lizzy\Cookies\max&lizzy@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP313\A0014682.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP318\A0014878.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP327\A0014978.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP334\A0015175.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP336\A0015219.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP338\A0015258.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP339\A0015279.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP339\A0015655.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\wintsvcc32.exe -> Trojan.Small : Cleaned with backup (quarantined).

::Report end

Thanks

Remove this folder:

C:\Program Files\Common Files\wfui

There were trojans in your System Restore.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

* Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to enable and reenable system restore here: Managing Windows Millennium System Restore or Windows XP System Restore Guide. Reenable system restore with instructions from tutorial above
* Make your Internet Explorer more secure - This can be done by following these simple instructions:
  * From within Internet Explorer click on the Tools menu and then click on Options.
  * Click once on the Security tab
  * Click once on the Internet icon so it becomes highlighted.
  * Click once on the Custom Level button.
  * Change the Download signed ActiveX controls to Prompt
  * Change the Download unsigned ActiveX controls to Disable
  * Change the Initialize and script ActiveX controls not marked as safe to Disable
  * Change the Installation of desktop items to Prompt
  * Change the Launching programs and files in an IFRAME to Prompt
  * Change the Navigate sub-frames across different domains to Prompt
  * When all these settings have been made, click on the OK button.
  * If it prompts you as to whether or not you want to save the settings, press the Yes button.
  * Next press the Apply button and then the OK to exit the Internet Properties page.
* Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources
* Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
* Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below: Understanding and Using Firewalls
* Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
* Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here: Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
* Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here: Instructions for - Spybot S & D and Ad-aware
* Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware
* Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

* IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
* MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to which is your local computer
* Google Toolbar <= Get the free Google toolbar to help stop pop up windows.
* Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference! The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

Happy surfing and stay clean!