Posted 23 July 2005 - 03:46 PM
I've looked through the forums for this particular scenario but because of the Safe-Mode issue, none fit mine well enough (I think). If you've already solved this one and I've overlooked the post, please point me to it and I'll do more reading. Here's the skinny...
1. Windows 2000 Professional SP4/Build (2195) fully patched EXCEPT the last one mentioned on this forum as of June 20th. The machine is too unstable to do that right now.
NOTE: Upon boot and after the POST, there are two Windows 2000 choices on my computer (don't know why). I would say that they appear as partitions except that they have access to the same file-system. Naturally the one I populated with applications (including AVG) is not able to run in Safe-mode.
2. MS Internet Explorer v6 fully patched
3. Retail AVG anti-virus software, usually updated daily, but it wasn't for some weeks with another user in my family on this computer.
4. Tiny Personal Firewall, Not updated daily
What's the problem?
1. Browser hijacked: prior to my home page it goes to www3.bigtrafficnetwork.com.
2. Multiple viruses and trojans are loaded into the file system.
3. As well, six or seven "Anti-virus/trojan" links and "Free Sony/Playstation and X-Box" links are dumped into my Desktop directory.
What have I done to correct this?
1. I ran AVG yesterday and found 13 viruses/trojans attached to various files. Please let me know if I need to list them or send a .csv of the AVG Virus Vault. I just ran it again and it found two problems, but I know that my browser is still redirected and it starts downloading "stuff" immediately. Some of them are as follows, looking at the Virus Vault log from various dates:
- Downloader.Small.15.BS in SSK3_B5 Seeding4.exe and wrapperouter.exe (and others)
- Dropper.Agent.7.K in ventura5.exe
- Downloader.Qoologic.CA (in two different files)
2. I have marked www3.bigtrafficnetwork.com as a restricted site in the MS-IE Security window.
3. I have marked the www3.bigtrafficnetwork.com site as forbidden in my router management application.
4. I have run HJT, but without Safe-Mode, so I don't know if the report is useful.
5. In Safe-Mode and on the "partition" that I don't use, I ran HJT and it only came up with about 17 lines. Again, I don't know how useful this is.
6. I deleted the www3.bigtrafficnetwork.com key in the registry, but it reappears upon booting in normal mode.
7. Prior to cold-boot I always delete the %temp% directory.
8. Cookies are always deleted as are files and off-line content.
9. I retain History in my browser unless there is a particular site I don't want my children to visit again.
This computer is completely unusable so thanks in advance for any help with this persistent crud! Reinstalling the OS, patching and restoring applications is so time consuming that I know I'll just fight the same battles again.
Thanks again for the help folks,