Search:

Not anymore, that did the trick.

Computer's still running perfectly.

Once again, thanks ;)

here you go

http://i26.photobucket.com/albums/c110/cflannagan/entries-1.jpg

http://i26.photobucket.com/albums/c110/cflannagan/entries2.jpg
...

One more thing I need to ask you (no, no new attack here thank god! :) )

How do I remove a number of those bad entries from the "Startup" tab in MSCONFIG - files that no longer exist? (see...

Sure - I'll be happy to give my story about my experience w/malware -

Do you know what I've been attacked with?

My Norton AV shows the following:
Trojan.Cmapp
Trojan.Popper
Downloader...

Good news, I can confirm that there are no further popups.. so those earlier popups I saw today are probably from IE with Gmail page open but offline from the networking.

Many thanks for your...

Well after running HJT and a few other "scanners" I've used in this thread.. the computer runs very slowly.. ie: it takes 2 seconds to write to the drive when I change a value in table in MS SQL...

Here's the same log, with "Show All" checked:

GMER 1.0.11.11349 - http://www.gmer.net
Rootkit 2006-09-18 10:53:19
Windows 5.1.2600 Service Pack 2


---- Files - GMER 1.0.11 ----

ADS ...

GMER 1.0.11.11349 - http://www.gmer.net
Rootkit 2006-09-18 10:09:42
Windows 5.1.2600 Service Pack 2


---- Files - GMER 1.0.11 ----

ADS ...

---- EOF - GMER 1.0.11 ----

Fprot Online scan report

Scanning Report
Monday, September 18, 2006 08:43:22 - 09:43:14
Computer name: OVERCLOCKER
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\

...

Sorry, was typing my post as you sent yours.. Will do your instructions now

Many thanks for continued scrunity in removing the malware from my PC :)

Followup:

I also deleted two suspicious looking entries in Display Properties -> Desktop Tab -> Customize Desktop.. -> Web tab

The following lines were deleted:

C:\\Program...

I guess I spoke too soon! As I was downloading the new JRE, a popup came up.. I just ignore it (didn't click anything).. installed JRE, then deleted the temporary Internet files. I closed the popup.....

Just a follow up while I'm awaiting reply..

I know that helpers here would probably frown if I take things into my own hands, but I figured this action was easy and relatively straightforward...

Let me know if I'm missing anything else in terms of logs

And my latest HJT after the mwscans. I'm still getting popups.. one that asks me to install DriverCleaner (from DriverCleaner, Inc.. a .cab file with "Install/Don't Install" option) and later 3 more...

Went to sleep at 4am, woke 3 hours later.. looked at the scan, thought it was done and realized I stopped it while it was still in progress.. so I ran mwscan for 2nd time (both done in safe mode as...

Thanks again -

Followup report:

Killbox process has been completed. No "PendingFileRenameOperations prompt" came up.

Upon reboot, two popups came up.

Now running mwavscan.com as per...

Here you go - I think the popups might have stopped..

Shall I post a new HJT as well? Thanks by the way!



Craig Flannagan - 06-09-17 3:26:21.00 Service Pack 2
ComboFix 06.09.14 -...

Ran both Adware SE and Spybot S&D.. fully updated, fully immunized.. ran Spybot S&D in safe mode as well. Thought all was well until I came back online and a browser window popped up advertising some...