Trojan
Old 29-03-2007, 07:46 PM   #1
tom
Guest
 
Posts: n/a
Default Trojan


Picked up a nasty when opening a web site the other day and can't seem to
shake it. Am using updated CA anti-virus but it allowed the infection even
though it recognizes it but can't rid my system of it. I routinely clean out
history files and caches. I keep deleting files but it keeps recreating
them. It keeps re-establishing itself in the "start" menu in run/msconfig. I
have to "end process" of an unusual numbered process in task manager every
time I re-boot. The files that it keeps replicating are in "C/Windows" and
was "norton exe" but has now become "winform exe". Have tried Kaspersky,
Panda and CA on-line scanners but no luck. Below are the CA prompts I keep
getting. Any ideas? Tom G.

2007/03/29 11:30:24.656 File infection: C:\Documents and
Settings\tomnvik.TOMNVIK-NBMH3UY\Local Settings\Temporary Internet
Files\Content.IE5\MPAXATKL\moyu0328[1].exe is Win32/Frethog!generic trojan.
Deleted
2007/03/29 11:30:24.734 File infection: C:\WINDOWS\System32\kdjs1.exe is
Win32/Frethog!generic trojan. Deleted
2007/03/29 11:30:24.734 File infection: C:\WINDOWS\System32\kdjs1.exe is
Win32/Frethog!generic trojan.
2007/03/29 11:30:24.750 File infection: C:\WINDOWS\System32\kdjs1.exe is
Win32/Frethog!generic trojan.
2007/03/29 11:30:24.765 File infection: C:\WINDOWS\System32\kdjs1.exe is
Win32/Frethog!generic trojan.
2007/03/29 11:30:25.578 File infection: C:\Documents and
Settings\tomnvik.TOMNVIK-NBMH3UY\Local Settings\Temporary Internet
Files\Content.IE5\OLCNQP8D\wow0328[1].exe is Win32/Frethog!generic trojan.
Deleted
2007/03/29 11:30:25.625 File infection: C:\WINDOWS\System32\kdjs2.exe is
Win32/Frethog!generic trojan. Deleted
2007/03/29 11:30:25.640 File infection: C:\WINDOWS\System32\kdjs2.exe is
Win32/Frethog!generic trojan.
2007/03/29 11:30:25.656 File infection: C:\WINDOWS\System32\kdjs2.exe is
Win32/Frethog!generic trojan.
2007/03/29 11:30:25.656 File infection: C:\WINDOWS\System32\kdjs2.exe is
Win32/Frethog!generic trojan.
2007/03/29 11:30:26.812 File infection: C:\WINDOWS\System32\winform.dll is
Win32/Frethog.IS trojan. Deleted
2007/03/29 11:30:26.828 File infection: C:\WINDOWS\System32\winform.dll is
Win32/Frethog.IS trojan.
2007/03/29 11:30:26.828 File infection: C:\WINDOWS\System32\winform.dll is
Win32/Frethog.IS trojan.
2007/03/29 11:31:23.343 File infection: C:\Documents and
Settings\tomnvik.TOMNVIK-NBMH3UY\Local


  Reply With Quote
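Added example, not part of the original thread: a Python parser for the CA log format quoted in the first post. It rejoins the Usenet-wrapped lines, sets aside the truncated final record, and counts per file how often the scanner logged it again after a "Deleted" line. The function names and the `in_ie_cache` and `seen_after_delete` fields are this example's own; the sample is an excerpt of the posted log.

```python
import re

# Excerpt of the CA log from the first post, Usenet line wrapping kept as posted.
SAMPLE_LOG = r"""2007/03/29 11:30:24.656 File infection: C:\Documents and
Settings\tomnvik.TOMNVIK-NBMH3UY\Local Settings\Temporary Internet
Files\Content.IE5\MPAXATKL\moyu0328[1].exe is Win32/Frethog!generic trojan.
Deleted
2007/03/29 11:30:24.734 File infection: C:\WINDOWS\System32\kdjs1.exe is
Win32/Frethog!generic trojan. Deleted
2007/03/29 11:30:24.734 File infection: C:\WINDOWS\System32\kdjs1.exe is
Win32/Frethog!generic trojan.
2007/03/29 11:30:24.750 File infection: C:\WINDOWS\System32\kdjs1.exe is
Win32/Frethog!generic trojan.
2007/03/29 11:30:26.812 File infection: C:\WINDOWS\System32\winform.dll is
Win32/Frethog.IS trojan. Deleted
2007/03/29 11:30:26.828 File infection: C:\WINDOWS\System32\winform.dll is
Win32/Frethog.IS trojan.
2007/03/29 11:31:23.343 File infection: C:\Documents and
Settings\tomnvik.TOMNVIK-NBMH3UY\Local
"""

STAMP = re.compile(r"\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{3} ")
ENTRY = re.compile(r"(?P<ts>\S+ \S+) File infection: (?P<path>.+?) is "
                   r"(?P<name>\S+) trojan\.(?P<deleted> Deleted)?$")


def parse(text):
    """Rejoin wrapped lines into records, then split parsed from incomplete."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(line)          # a timestamp starts a new record
        else:
            records[-1] += " " + line     # continuation of a wrapped record
    entries, incomplete = [], []
    for rec in records:
        m = ENTRY.match(rec)
        (entries if m else incomplete).append(m.groupdict() if m else rec)
    return entries, incomplete


def summarize(entries):
    """Per file: detection count and detections logged after a 'Deleted'."""
    files = {}
    for e in entries:
        f = files.setdefault(e["path"], {
            "name": e["name"], "detections": 0, "deleted": 0,
            "seen_after_delete": 0,
            "in_ie_cache": "\\temporary internet files\\" in e["path"].lower(),
        })
        f["detections"] += 1
        if f["deleted"]:
            f["seen_after_delete"] += 1   # logged again after an earlier delete
        if e["deleted"]:
            f["deleted"] += 1
    return files


if __name__ == "__main__":
    entries, incomplete = parse(SAMPLE_LOG)
    for path, f in summarize(entries).items():
        where = "IE cache" if f["in_ie_cache"] else "installed"
        print(f'{f["name"]:<22} {where:<9} hits={f["detections"]} '
              f'after_delete={f["seen_after_delete"]}  {path}')
    print("incomplete records:", len(incomplete))
```

A non-zero `seen_after_delete` means the scanner logged the file again after reporting it deleted, which fits the poster's description of files that keep coming back.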
Old 29-03-2007, 08:01 PM   #2
pcbutts1
Guest
 
Posts: n/a
Default Re: Trojan

Download this, run it, save a copy of the log file and post it here in this
group so I can analyze it.
http://www.trendsecure.com/portal/e.../hijackthis.php


--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell
Old 29-03-2007, 08:08 PM   #3
Leythos
Guest
 
Posts: n/a
Default Re: Trojan

On Thu, 29 Mar 2007 12:01:23 -0700, pcbutts1 wrote:

> Download this, run it, save a copy of the log file and post it here in this
> group so I can analyze it.
> http://www.trendsecure.com/portal/e.../hijackthis.php


Download it and post the logs to where the instructions tell you to post
the logs, and that would not be to ANY Usenet group.

How come you're not providing hijackthis from your own website any more?


--
Want to know what PCBUTTS1 is really about?
*** WARNING - this link contains foul/pornographic content of an
abusive nature created by PCBUTTS1 and still hosted on his public
website ***
http://www.pcbutts1.com/downloads/leythos.htm
Old 29-03-2007, 09:49 PM   #4
David H. Lipman
Guest
 
Posts: n/a
Default Re: Trojan

It is strongly suggested to NOT use Trend Micro's version of HiJack This! (HJT) until it is
no longer a Beta product.

Download and execute the original HJT...
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Create a HJT log file and post it in one of the below locations...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums...isplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malw...o_Here-f37.html
http://gladiator-antivirus.com/foru...p?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard...hp?showforum=18
http://www.malwarebytes.org/forums/...php?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


Old 29-03-2007, 10:18 PM   #5
pcbutts1
Guest
 
Posts: n/a
Default Re: Trojan

The thief speaks! Your sock puppet Leythos has done a terrible job speaking
up for you. How's that website coming, Dave? Doesn't feel too good, does it? I
would really love to take credit for that but I can't, I don't steal. How
come you don't have the balls to speak up in the NG like you do in all those
abuse complaints you file against me? Hey, guess what, my site is still up.

Old 30-03-2007, 01:16 AM   #6
Leythos
Guest
 
Posts: n/a
Default Re: Trojan

On Thu, 29 Mar 2007 14:18:50 -0700, pcbutts1 wrote:
>
> The thief speaks! your sock puppet Leythos has done a terrible job
> speaking up for you.


I don't, now or ever, speak for anyone except myself.

> Hey guess what, my site is still up.


Hey, guess what, the content that the complaints were filed against is NOT
on your site any more - there are no working links to it and you don't
have the balls to put it back online because you know what your hosting
provider will do next.

Old 30-03-2007, 04:50 AM   #7
Poster 60
Guest
 
Posts: n/a
Default Re: Trojan

Turn off system restore until you get rid of the trojan. When you can scan
your system and all is clean, then turn it back on.
Old 30-03-2007, 05:07 AM   #8
tom
Guest
 
Posts: n/a
Default Re: Trojan


"Poster 60" <ekron@wapda.com> wrote in message
news:uO%Oh.132505$_73.107891@newsread2.news.pas.earthlink.net...
> Turn off system restore until you get rid of the trojan. When you can scan
> your system and all is clean, then turn it back on.
My system restore has been turned off for months before picking up this
infection. AV can't clean infection. Just tonight my homepage has turned
Chinese. Updates for AdAware have been disabled since infection.
Re-installation doesn't help. No response to my hijack this posting.
Considering re-format.


Old 30-03-2007, 07:07 AM   #9
Poster 60
Guest
 
Posts: n/a
Default Re: Trojan


"tom" <k@a.com> wrote in message
news:220Ph.132508$_73.48716@newsread2.news.pas.earthlink.net...
> My system restore has been turned off for months before picking up this
> infection. AV can't clean infection. Just tonight my homepage has turned
> Chinese. Updates for AdAware have been disabled since infection.
> Re-installation doesn't help. No response to my hijack this posting.
> Considering re-format.



Go to the registry (regedit) and search for the references to the files
norton.exe and winform.exe. Delete those references to them. The references
in msconfig will be deleted automatically at the same time. That should stop
the trojan process.



Old 30-03-2007, 08:02 AM   #10
Bart Bailey
Guest
 
Posts: n/a
Default Re: Trojan

In Message-ID:<220Ph.132508$_73.48716@newsread2.news.pas.earthlink.net>
posted on Fri, 30 Mar 2007 04:07:26 GMT, tom wrote: Begin

>My system restore has been turned off for months before picking up this
>infection. AV can't clean infection. Just tonight my homepage has turned
>Chinese. Updates for AdAware have been disabled since infection.
>Re-installation doesn't help. No response to my hijack this posting.
>Considering re-format.


Just save any dynamic data (email etc) and reload the last image you
dumped before the onset of problems, you do ghost your system regularly?


--

0x5BA09291F
convert to base 36 for the sig