Trevor Ferguson said:
Have ThinkPad T23 with XP and SP2 just installed. Internet Explorer
dropping from server. Trying to load McAfee Anti-Virus but won't run.
System re-load after Spyware and Trojan virus detected.
Any suggestions, Trevor

What exactly do you mean by "System re-load"? If you did a non-destructive
restore of the operating system, one that left your data in place, it's
quite likely that any malware on the system was untouched and is still
there.
Get HiJack This and scan your system. The results it displays can be a
little hard to understand, but are extremely helpful in finding, identifying
and stopping running malware, and deleting it. Please don't post the logs
here; there are sites that do feature reviews of HiJack This logs.
Also, get cCleaner (www.ccleaner.com) and let it clear out temporary folders
and temporary internet files folders. These are prime areas for viruses,
trojans and general malware to enter and launch from. I regularly see
registry entries for malware running from temporary folders, something no
legitimate application should do. You should clear these areas regularly.
Look in msconfig (start, run, msconfig) on the Startup tab to determine what
is loading and what shouldn't be. However, there are often things that get
loaded that do not appear in msconfig.
Finally, you can manually look for suspicious files in the \windows and
\windows\system32 folder (or wherever Windows is installed on your system).
In Explorer, turn on viewing of all files. Go to detail view, sort by
date, and look for most recently created files. You may find suspicious
entries. If you find a known malware file with a different date, check the
other files with that date. It may have company.
Also, run a command prompt at both these folders and issue this command:
dir /ah
which will show you hidden files. There should be some, but malware often
hides itself this way, and if you see files with seemingly random names,
you've probably found some culprits. You may need to use the command
"attrib <filename.ext> -s -h" before you can rename or delete these files;
even so, you may get "access denied" messages, indicating that the malware
is active. Note the filename, and restart in Safe Mode. You should then
be able to rename (to, say, <filename.bad>) or delete.
HTH
-pk
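
Added example, not part of the original posts: one way to automate the check pk describes for registry entries that launch programs from temporary folders. It assumes the output of `reg query` for a Run key has been saved as text; the sample output, value names and paths below are constructed for illustration.

```python
import re

# Constructed sample of `reg query <Run key>` output; names and paths are invented.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleAV Tray    REG_SZ    "C:\Program Files\ExampleAV\tray.exe" /startup
    qxvbtr    REG_SZ    C:\DOCUME~1\user\LOCALS~1\Temp\qxvbtr.exe
    SysHelper    REG_EXPAND_SZ    "%TEMP%\svch0st.exe" -s
    Templates    REG_SZ    C:\Program Files\Template\tmpl.exe
    updchk    REG_SZ    rundll32.exe "C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\a1.dll",Run
"""

# A value line is indented: <name> <REG_SZ or REG_EXPAND_SZ> <command line>.
VALUE_LINE = re.compile(r"^\s+(\S.*?)\s+(REG_(?:EXPAND_)?SZ)\s+(.+)$")

# A path component that is a temp location: Temp, %TEMP%/%TMP%, Temporary
# Internet Files, or its 8.3 short form (TEMPOR~1). Matching whole components
# keeps folders such as "Template" from being flagged.
TEMP_DIR = re.compile(
    r'(?:^|[\\"\s])(?:%te?mp%|temp|tempor~\d|temporary internet files)\\'
)


def parse_run_values(text):
    """Yield (name, command) for each string value in reg query output."""
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            yield m.group(1), m.group(3).strip()


def runs_from_temp(command):
    """True if any path in the command line sits under a temp folder.

    The whole command is searched, so a DLL handed to rundll32.exe counts too.
    """
    return TEMP_DIR.search(command.lower()) is not None


def suspicious_autoruns(text):
    """Return the (name, command) pairs that start something from a temp folder."""
    return [(n, c) for n, c in parse_run_values(text) if runs_from_temp(c)]


if __name__ == "__main__":
    for name, command in suspicious_autoruns(SAMPLE):
        print(f"{name}: {command}")
```

Entries it reports are candidates for the manual follow-up described above (note the filename, then rename or delete from Safe Mode).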