Had several virus/ Trojans that orignally slipped through avast / norton fire wall, but picked it up on a scan. (I didn't really want to format the hard disc so,)
I have been reading the forums & run Malwarebytes & Superantivirus in normal & safe mode. Malwarebytes detected & removed viruses etc including win32:rootkit-gen ins system 32 \msfgw32.dll & Trojan-Spy.win32.zbot.tml.
& Trojan-Dropper.WIN32.Agent.aow, (The anti virus said these had been removed)
While trying to remove the virus i was then unable to log in as an administrator, but managed to log in under one or the other USERS & run a VB Script to re-gain access.
In addition AFTER this scan on my Kaspersky 7.00 scan (which i rushed out to purchase) removed Trojan-Dropper.WIN32.Agent.aow from c:\window\internat\exe//PE_Patch.UPX//UPX & system 32 \Wbem\grpconv.exe
i removed lots of unused programmes etc &
Cleaned up the disc / registry with WinUtillites that i aready had installed.
I was still very worried something was left behind !
This is a message I just received in KASPERSKY 7.00 today (only recently purchased due to virus ), reports log ''detected:riskware Dialer Software (modification) running process c:\windows\ehome\ehrec.exe''
I know this is normally the media center updater process, but I did notice while trying to free the computer from the virus that my modem 'wire' was accidently connected & that it started to dial out on its own (i had already disconnected the broadband & don't use dial up connention was already checked in internet options ) . I had a 'poke' around on the computer & and found a warning log in administrator tools etc that said that the media center updater could not disconnect & many other media center warnings?
I did a file search on the Pc for 'media center' (to try & access it) & it produced several results all that looked like shortcuts to internet explore web pages ( i didn't click on them & had already disconnect my broadband.)
The message in KASPERSKY reports log ''detected:riskware Dialer Software (modification) running process c:\windows\ehome\ehrec.exe'', appeared after all my own attempted remedies were carried out.
I don't really use the media center much & but i can't seem to see where to access the media center (button on task bar has disappered although this process is supposed to be running,
Could this also have been disabled by the virus? Can i disable the auto update of media center some how?
Do I think i could still be infected ? What other steps should i take to make sure i'm not?
(running XP service pack3)
(hope you find me worthy of moving to a 'remove virus' forum are as i am a bit out of ideas now)
Edited by modification, 14 May 2009 - 12:32 PM.