

HELP!!! teenage daughter has infected the PC with a virus/trojan.
Processor Intel® Pentium® 4 CPU 2.80GHz
Running Windows XP Home Edition SP2, IE6, AVG 8.5.339, SpyBot S&D, SpywareBlaster, Adaware
Initial symptoms: when launching IE7, slow to load, then get 'fake Windows?' security warning messages of unsafe site: continue to site or block. Clicking on the latter redirected to a fake download AV software site. The computer hard drive makes a 'hammering' noise on start-up.
Intermittently a separate 'Windows security' box opened stating Win32. Two options were greyed out; the third was to block [I think].
Could not launch AVG or SpyBot S&D, or update Adaware. I tried to reinstall SpyBot, but when it came to downloading, the programme would not connect to the download site; the Adaware update was also blocked.
I have downloaded and run Spyware Terminator; it found several files, which it is blocking.
Adaware.CFD
Adware.ShowBehind.a
Backdoor.W32.Delf.SCV
C:\E18773C7E207CB4f9Af5\SETUP.EXE
C:\WINDOWS\SYSTEM32\gxvxcdaiynyutnmoqvplwasrfqkxwylwmqtan.dll
Trojan.Downloader.Small.jqv
Unknown name
Unknown name
ViewPoint.Toolbar
Now I could manually delete the file afuya1119762.exe
I could now open browsers without fake 'Windows' security messages, and the security box stating Win32.Bonchok? [I can’t remember exact name now] has stopped popping up.
And I am now no longer prevented from visiting antispyware sites, such as for downloading a new version of SpyBot.
Tried online scans: Housecall won't start, hanging on file load-up, and I have downloaded Malwarebytes but it won’t open/run.
Panda located two infected files but could not disinfect them.
;********************************************************************
ANALYSIS: 2009-06-05 19:56:32
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 0
;********************************************************************
PROTECTIONS
Description Version Active Updated
;============================================================
AVG Anti-Virus Free 8.5 Yes Yes
;============================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;============================================================
01054371 W32/TDSS.BF.worm Virus/Worm Yes 1 Yes No globalroot\systemroot\system32\gxvxcdaiynyutnmoqvplwasrfqkxwylwmqtan.dll
01055526 W32/TDSS.BF.worm Virus/Worm Yes 1 Yes No globalroot\systemroot\system32\gxvxcvvrjikhbmuirqpladedoghxwswvwkrwx.dll
;============================================================
SUSPECTS
Sent Location
;===========================================================
VULNERABILITIES
Id Severity Description
;============================================================
108742 MEDIUM MS06-006
;============================================================
Second Scan
;********************************************************************
ANALYSIS: 2009-06-05 21:18:52
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 0
;********************************************************************
PROTECTIONS
Description Version Active Updated
;============================================================
AVG Anti-Virus Free 8.5 Yes Yes
;============================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;============================================================
01055526 W32/TDSS.BF.worm Virus/Worm Yes 1 Yes No globalroot\systemroot\system32\gxvxcvvrjikhbmuirqpladedoghxwswvwkrwx.dll
;============================================================
SUSPECTS
Sent Location
;============================================================
VULNERABILITIES
Id Severity Description
;============================================================
108742 MEDIUM MS06-006
;============================================================
F-Secure found and removed the following 3 Spyware files
TrackingCookie.Revsci (spyware) System (Disinfected)
TrackingCookie.Xiti (spyware) System (Disinfected)
Trojan.JS.Fav.n (virus)
C:\DOCUMENTS AND SETTINGS\JAMES\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\DL6P9D62\DEFAULT[1].JS (Renamed & Submitted)
Symantec Security Check
C:\WINDOWS\system32\rn.tmp is infected with Trojan.Dropper [I could remove with AVG]
C:\Recover\ONB00034.PPT is infected with Bloodhound.Exploit.139
C:\Recover\ONB00069.PPT is infected with Bloodhound.Exploit.139
Active Scan
W32/TDSS.BF.wo... Virus Active Hide + Info
1. globalroot\systemroot\system32\gxvxcdaiynyutnmoqvplwasrfqkxwylwmqtan.dll [this is the file Spyware Terminator is blocking]
W32/TDSS.BF.wo... Virus Active Hide + Info
1. globalroot\systemroot\system32\gxvxcvvrjikhbmuirqpladedoghxwswvwkrwx.dll
Spyware Doctor located these
Trojan Downloader Agent [2]
Trojan Downloader Renos [12]
Adware BHO.Gen [8]
Trojan.TDSServ [3]
Adware SpyGame [7]
Trojan-Pws Bancos. PWN [1]
HeurEngine.Packed.Themida.RGa [1]
Something, however, is still hijacking the IE browser and diverting it to other sites.
SpyBot S&D [I can update it] won't launch; I followed the tips from the web site http://www.safer-networking.org/en/faq/23.html [no luck], and HijackThis still won't launch. I cannot boot up in safe mode or use the restore discs. I have run out of ideas. Can anyone HELP!!