Aurora/ABetterInternet etc



rayno
2005-12-14, 17:20
I'm helping a friend who seems to be infected with this malware
it keeps coming up during Spybot, adaware, MS Spyware, and 2 or 3 other programs I ran (some several times)
programs say it is being removed, but after reboot - still there
I haven't tried running any in safe mode (will try this AM)

the weird symptom on this machine is that I can get on the internet using IE, but I get stopped from going to certain sites, for instance,
- can go to grc.com and then go to the spinrite section, but not the shieldsup section
- no banking or checkout type pages seem to work (tried buying a printer from buy.com and couldn't checkout)
- loaded Firefox - that fails on every page
- windows update fails after hitting "express" and getting the green scan bar


I was wondering if these symptoms sound familiar to anyone
it complicates things that it's not one of my machines and I have to run back and forth between houses

I ran a HJT a few days ago, but Spybot, etc have removed MANY other threats and the log is now outdated (I saved to a DataTraveler and was going to submit from my PC, but never got around to it). I'll also rerun this AM and post if needed when I get back

rayno
2005-12-16, 00:19
well I didn't get to play with this machine yesterday, although did some reading up on various ways to get rid of abetterinternet
tried many of them today, including getting rid of the nail.exe file - which gets rebuilt after you delete it (I like the suggestion of command line "dir>nail.exe" which replaces the contents with your current dir listing)
there are so many things hosed on this system: email doesn't get past asking for password (which, even when reset by isp, still won't work), none of the restore points work, things do get tons better in safe mode
anyway, while we can still access docs, etc, I'm going to save their data and reformat and start over
PS - if anyone runs into CEO Joahua Abrams, who, I was told, is the head of Direct-Revenue, who is behind this crap, please shot him in both kneecaps and I'll refund the cost of the bullets - thnx in advance

rayno
2005-12-16, 00:24
never mind ... I don't like violence
be nice though if we could collect a couple of dozen virus/spyware programs and dump them on their machines (as a X-mas present)

shelf life
2005-12-17, 22:41
hi rayno,

suggest running ewido on the computer, then reboot once. next run hjt and post a hjt log if you still need some help:

1. Download Ewido and install Ewido Security Suite. It is a free trial version of the program:

http://www.ewido.net/en/download/

2. Install ewido security suite
3. Launch ewido: there should be an icon on your desktop; double-click it.
4. The program will now go to the main screen

You will need to update ewido to the latest definition files.

1. On the left hand side of the main screen click update
2. Then click on Start Update

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use Ewido manual updates


Once the updates are installed do the following:

1. Click on scanner
2. Click on Complete System Scan and the scan will begin.
3. NOTE: During some scans with ewido it is finding cases of false positives.
   - You will need to step through the process of cleaning files one-by-one.
   - If ewido detects a file you KNOW to be legitimate, select none as the action.
   - DO NOT select "Perform action on all infections"
   - If you are unsure of any entry found select none for now.
4. Once the scan has completed, there will be a button located on the bottom of the screen named Save report
5. Click Save report.
6. Save the report .txt file to your desktop.

Now close ewido security suite.

shelf life

tashi
2005-12-23, 00:44
This topic will now be archived.
If you need it re-opened please pm me, or your helper.