Adding to Malke Advice, you Got this Worm: W32/Chode-W
First I recommend Uninstall Norton since Norton have been sitting Ducks for
this Worm, ehnce you said you got AVG ( did you update it's definitions yet).
= You mentioned this path:
C:\Documents and settings\...\pstord.exe Delete the executable file/folder
since it is in the My Documents and look here for Temp Files:
Then Open windows explorer and delete the Temp:
C:\Windows\Temp\TemporaryInternet Files =< Delete all sub-folders in capital
letters they will be here>
= To access the Hosts file do the following:
Open the Windows Explorer and locate this path:
C:\Windows\System32\drivers\etc = look in the Right Pane/window for this
file called the HOSTS file but not the one with the extension *.SAM* leave
this as is.
If you can't see it try to click Tools >> Folder Options and select show
Hidden files and folder, then right Click the Hosts file and select open with
Notepad. //*** Remember to Hide your system files after you find your
file***//
There see any reference for that site and remove it, you Hosts file will
looks like this:
# 102.54.94.97 rhino.acme.com # Source server
# 38.25.63.10 x.acme.com # Client Host
127.0.0.1 LocalHost
------------------------------------------
Remove all other References other than those above.
= Description of W32/Chode-W
http://www.sophos.com/security/analyses/w32chodew.html
= Then Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
When all else fails, HijackThis v1.99.1
(
http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to
http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Does your Norton Up and current for updates and subscriptions?.
HTH.
nass
