This forum is great and I have used many of the suggestions prior to posting. I had (or may still have) the Help Assistant virus. I ran mbr.exe -f as well as fixmbr from the Windows XP recovery console. I deleted the Help Assistant account and I am confident that the duplication of my files into the Help Assistant user folder is no longer occurring.
What I am concerned about though is the results the mbr.exe command provide:
device: opened successfully
user: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x012A18713 !
PE file found in sector at 0x012A18729 !
This indicates to me that my MBR is ok, but there is still something malicious going on. Is my interpretation correct? What can I do to remove the malicious leftovers? Malwarebytes and NAV detect nothing.
Edited by Orange Blossom, 14 February 2010 - 09:30 PM.
Move to AII. ~ OB