When my computer starts up it has a message say that "your computer is infected" it has a red circle and a white cross in the middle.I've tried adware and virus scans but when i delete what shows up and reboot the infection is still there? also the computer runs very slow and every time i open internet explorer it closes down by its self.I have no idea but i cant remove my Norton Internet Security
Logfile of HijackThis v1.99.1
Scan saved at 6:47:20 PM, on 12/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
You are not running HijackThis (HJT) from a desired location. You really need to setup a dedicated folder for HJT items – to avoid horrible clutter and potential lost backup issues.
It's best that the HijackThis tool NOT be located in its current location (particularly on your Desktop or in a TEMP folder). This way you can more easily undo any changes if something goes wrong.
Create a new folder in your C: Drive. Name it HJT (or HijackThis) such as C:\Program Files\HJT, C:\HJT and move the HijackThis.exe file in it. Run HJT from there (and revise your shortcut accordingly).
See if you can run the following scan:
Please download, install, update and scan your system with the free (trial) version of Ewido trojan scanner:
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.
Read over the following directions. Ask if anything appears unclear to you.
We will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Accordingly, it is probably a good idea to print out the following directions or copy them to a text file on your desktop using NOTEPAD. Read these instructions carefully and feel free to ask if you're unsure about anything.
HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here
SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).
Delete TEMPORARY FILES: Now, hunt down the most common temporary file locations and the temporary file clutter contained therein (and of possible malware hiding places):
Go to Start > Run and type: CLEANMGR.EXE and hit enter.
When prompted select the C: drive and click ok. Check the boxes for:
Temporary Internet Files
Downloaded Program Files
Recycle Bin
Temporary Files
Click OK or Enter
For additional, more thorough cleaning and for multi-profile user configurations: (*) Run Clean.bat to clean up your TEMPorary files.
***** Clean out the Recycle Bin for items removed below, ONLY once you have regained the full functional use of your PC.
Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):
DELETE APPLICATION FOLDERS:
Go to Add/Remove Programs
In Control Panel>Add/Remove Programs look for any CLEARLY related entries for unwanted items listed below (or anything else you need to investigate or did not put in there).
UNINSTALLER Alternate SEARCH: Otherwise, advisable to locate and try right-clicking on any of the given SEARCH FOLDER items below and further search (tick include subdirectories) for the following exact text:
UN*.EXE, *UN*.EXE
This may reveal an uninstaller with label terms such as '...uninstall...EXE', ‘unins000’, or 'unwise.EXE'. Double-click that EXE, if one is found, to remove that particular FOLDER and it contents. Thereafter, check to ensure that the folder is completely gone. Otherwise, consider deleting the folder in question.
POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
Tell me and I forget; show me and I remember; involve me and I understand. There are no foolish questions, the only thing foolish is not asking if you're unsure of something. Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
The problem is still their it still says "your computer is infected ect:" I i found a file call E-nrgyPlus ? but here are logs i am unable to put the scan report but i loaded it on ysi =http://s7.yousendit.com/d.aspx?id=2M...92MHPJDSYRL3RQ I dont understander this part
[# UNINSTALLER Alternate SEARCH: Otherwise, advisable to locate and try right-clicking on any of the given SEARCH FOLDER items below and further search (tick include subdirectories) for the following exact text:
UN*.EXE, *UN*.EXE
This may reveal an uninstaller with label terms such as '...uninstall...EXE', ‘unins000’, or 'unwise.EXE'. Double-click that EXE, if one is found, to remove that particular FOLDER and it contents. Thereafter, check to ensure that the folder is completely gone. Otherwise, consider deleting the folder in question.]
Logfile of HijackThis v1.99.1
Scan saved at 5:39:50 PM, on 13/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
i am unable to put the scan report but i loaded it on ysi =http://s7.yousendit.com/d.aspx?id=2...M92MHPJDSYRL3RQ
There was a posting character limit that has been adjusted as of today. Try posting again or post it in multiple posts if necessary (maybe some very valuable feedback there).
The download link that you provided appears to have an unacceptible potential 'drive-by download' risk profile - see the following link. Such a site may be a possible source of infection content and not be trustworthy:
This site appears to have a business relationship with Zango, a known provider of adware, spyware or other unwanted programs. Use caution before downloading from this site.
Quote:
I dont understander this part
[# UNINSTALLER Alternate SEARCH: Otherwise, advisable to locate and try right-clicking on any of the given SEARCH FOLDER items below and further search (tick include subdirectories) for the following exact text:
UN*.EXE, *UN*.EXE
Lets see if the following instructions are any clearer:
For the ‘’Program File’ items of interest, if you can locate a similarly named application in Add/Remove Programs remove it there.
Otherwise, navigate to C:\Program Files in WINDOWS EXPLORER (or use <‘Windows Key’>+<E>).
Right-click on the ‘Program Files’ FOLDER and select ‘FIND’.
Search for files with the following exact text (paste that exact text in the search box):
*UNI*.EXE, *UNW*.EXE
For any ‘Program File’ FOLDERS of interest: --- If you can locate a file that has the following terms such as '...uninstall...EXE', ‘unins000’, or 'unwise.EXE', you have located an uninstaller for that application. Double-click that EXE, if one is found, to remove that particular application FOLDER and it contents. Thereafter, check to ensure that the folder of interest is completely gone. Otherwise, consider deleting the folder in question.
SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:
O4 - HKCU\..\Run: [SOPROC_REGSOALERTWXLITENNAJ] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertWxLiteNnAj
Make sure that all browser windows and internet links are closed, even this one! CLICK ’FIX CHECKED’ with HijackThis.
POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
Tell me and I forget; show me and I remember; involve me and I understand. There are no foolish questions, the only thing foolish is not asking if you're unsure of something. Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Tell me and I forget; show me and I remember; involve me and I understand. There are no foolish questions, the only thing foolish is not asking if you're unsure of something. Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
well the computer is abit faster and internet expore work but i still have the pop up that says "computer is affected" but here are my logs
Logfile of HijackThis v1.99.1
Scan saved at 3:39:14 PM, on 14/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
5) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
6) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" to reboot next.
POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
Even though things should be much improved, there will be more to do after this.
Tell me and I forget; show me and I remember; involve me and I understand. There are no foolish questions, the only thing foolish is not asking if you're unsure of something. Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
the computer doesnt have the pop up thing that say "computer is affected" but it has a black wallpaper with a message text saying "Your coputer is in danger . windows security centre has detected sypware/adware infection! , It is strongly recommended to use special antispyware tools to prevent data loss" but the computer is doing much better Also how come im unable to change users ? , i press the other user and the screen just blinks and comes back to the select user screen?
Logfile of HijackThis v1.99.1
Scan saved at 5:42:56 PM, on 15/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
When my computer starts up it has a message say that "your computer is infected" it has a red circle and a white cross in the middle.I've tried adware and virus scans but when i delete what shows up and reboot the infection is still there? also the computer runs very slow and every time i open internet explorer it closes down by its self.I have no idea but i cant remove my Norton Internet Security
Also how come im unable to change users ? , i press the other user and the screen just blinks and comes back to the select user screen? 
