This is my first time posting and I'm in a little bit of a bind. I am attempting to fix a friend of mine's Gateway 6020GZ Celeron M 1.40GHz that has gotten a nasty little trojan. I have identified some of the files that are attacking it but cannot remove them. I have found other viruses like this one in forums but not this particular one or at least not discribed in enough detail.
This virus takes over the desktop with a blue backdrop that states "You have several fatal errors due to spyware activity" and flashes "Internet attack has been detected" or "Spyware has been found please scan to remove" in the taskbar as well as phoney Windows Defense boxes. Any click on them sends you to a cached page with the address of "http://windows-privacy-protection.com/?aid=444.471"(which, by the way, is an attempt to sell anti-spyware products). I know this has to be cached somewhere because i was disconnected from the internet for a long time while troubleshooting this problem. It has also disabled Task Mgr and any attempt to re-enable it through registry upon restart it disables it again.
I have Hijackthis and ran a scan but I don't know what steps to take from here. No other Ad/Spy/Virus tool can get rid of the files. Please if someone recognizes this virus or has some insight it would be greatly appreciated. If any other information is needed I will do my best to supply. I did trace this virus back to the site 220.127.116.11, not sure if that will help or not.
Thank you for any help in advance.
P.S. Sorry I posted this in the wrong place...
Edit: Moved topic from XP to the more appropriate forum. ~ Animal
Edited by Animal, 20 June 2008 - 04:34 PM.