You have a suspicious file we need to check.
You will need to be able tos see hidden files,
so go to My Computer
and double-click C
Go to the Tools
menu and select 'Folder Options'
On the 'View'
tab select 'show hidden files and folders'
deselect (uncheck) 'hide protected operating system files (recommended)'
deselect (uncheck) "Hide extensions for known file types.'
Go to next site: http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'
Click the browse button and browse to next file:F:\WINDOWS\system32\j5241931.exe
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Save the results in notepad.
Once scanned, copy and paste the results also in your next reply.
I usually enter my email address at virus total
so they can send me the scan results. They usually only take a couple minutes to reply.
You can copy/paste the results of scan results here. ***********************
1. Download this file - combofix.exe
2. Double click combofix.exe
& follow the prompts.
3. When finished, it shall produce a log for you. Post the ComboFix
log and a fresh Hijackthis
log, and results of the Virus Total scan
in your next reply.
Please do not
attach the log files, as that makes it harder to read. Copy and paste then post them. Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
Disable script blocking if you have Norton Antivirus
installed so it will not interfere with the fix. To disable Norton AntiVirus Script Blocking
Start Norton AntiVirus. If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
. If you see a menu, click Norton AntiVirus.
In the left pane, click Script Blocking
In the right pane, uncheck Enable Script Blocking (recommended).
Click OK Trojan Hunter
has been reported to detect combofix as Worm.Qiv.100.
Edited by SifuMike, 09 June 2007 - 06:26 PM.