There are just two things left: iexplorer.exe and window.exe
I did some searching on Google and neither of them are legitimate Windows files and appear to be malware. Both of them have creation dates that match with the time my computer suffered the spyware attack. Both of them reside in C:\WINDOWS\ Both of them give me an error message that says: "Cannot delete [name of .exe]: It is being used by another person or program. Close any programs that might be using the file and try again." When I try looking in the Task Manager I do not see either of them running.
I have tried booting my computer in Safe Mode and I cannot delete those files even then. I get the same error message about the programs being in use.
Spybot and Ad-Aware do not recognize these files as malicious. HijackThis doesn't seem to either, though that might just be my lack of understanding.
I tried to follow the "How to remove a Trojan, Virus, Worm, or other Malware" tutorial on this site (http://www.bleepingcomputer.com/tutorials/how-to-remove-a-trojan-virus-worm-or-malware/) but Autoruns did not list them anywhere so I wasn't able to pull them from the startup process.
None of the "bad" stuff associated with the inital spyware attack appears to be happening anymore, but I really don't trust these two pieces that remain. Can someone help me delete these?
Edited by Piyu, 15 June 2008 - 01:36 AM.