This is the worst virus/malware I Have ever had and the first time I have had to seek advice for removal.
Here is HJT 2.0.2
StartupList report, 8/24/2008, 11:01:29 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
Here is the HJT SCAN log
ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 1015 AM, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
First, it changed my desktop picture. The new picture was telling me my computer was infected lol.
Then A window popped up asking to install some kind of "anti virus". It had no cancel button, and could not be moved. Only an "AGREE/INSTALL" lol. I opened task manager and closed it.
So the first thing I do is open spybot. I run the update, it downloads and tries to connect to 127.0.0.1 for the install... which errors and fails. thinking it was a fluke I goto google to find spyboy and re-download...
only to find that it changes all of my google searches. Even if I copy the link its a long string of crap that sends me all over the place. So google fails. I goto download.com and download spybot from there, only to find the file corrupted. then I try downloading AVG... Corrupted. Whatever I have corrupts these files if I try to download, from firefox or IE i tried both.
So I find the spybot website and realize it also blocks websites. I cant even come to this forum from the infected computer, its blocked out. It blocks trend, norton, etc...
So to re-cap:
Corrupts anti-virus downloads
Redirects google searches
blocks websites associated with anti-malware
changed desktop picture
tried to install fake anti mal-ware program
ALSO Randomely freezes startup? I have to restard several times to get in.
Even safe mode freezes up.
So I come to an uninfected computer and download HJT, make a log bring the log back to this computer and here I am.
After some searching I realize I might need to get combofix, malwarebytes, javara, java runtime, and otscan it, I have downloaded all of these on my good computer (since infected computer wont connect to those sites) and I just need to run out and buy a blank CD to burn it all so I can bring it over to the infected one...