Trouble with Windows Defender

[zirean]

Hi, I am having trouble removing this item from my Windows Vista. Every time
I start my computer, this message comes up saying that
Trojan:Win32/AgencyBypass.gen!K needs to be removed and is severe risk. I
remove it and when I restart my computer it comes up again. Windows Defender
is NOT removing it.
Also when I do a "Cleanup" the TEMP file does not remove JET9980.tmp. When
I try to do this the cleanup program tells me that it is in use.
What is wrong with Windows Defender and why won't it get rid of these items.
Can anyone please help me.

 

[Engel]

Does the same thing happen when you Restart the computer into Safe Mode to
then eradicate the pest?

Also in safe mode, do the Cleanup.


Ǝиçεl
-=-

 

[zirean]

No I haven't tried that. What do I do? I'm not experienced technically with
computers. I appreciate your response and support.

 

[Kayman]

Hi, I am having trouble removing this item from my Windows Vista. Every time
I start my computer, this message comes up saying that
Trojan:Win32/AgencyBypass.gen!K needs to be removed and is severe risk. I
remove it and when I restart my computer it comes up again. Windows Defender
is NOT removing it.
Also when I do a "Cleanup" the TEMP file does not remove JET9980.tmp. When
I try to do this the cleanup program tells me that it is in use.
What is wrong with Windows Defender and why won't it get rid of these items.
Can anyone please help me.

1.Clear the (IE) temporary Internet files and the history cache.
Click 'Start' and then click 'Run'... then type (or copy/paste)
"inetcpl.cpl" (w/out quotation marks) into the box, then click the 'OK'
button.
In Internet Properties panel 'General' tab, under 'Browsing history', click
'Delete...'button, in 'Delete Browsing History' panel, click the 'Delete
all...' button then place a checkmark into the box beside 'Also delete
files and settings stored by add-ons', Click 'Yes' and exit the Internet
Properties panel by clicking the 'OK' button.

2.Clean HDD
Delete files using Disk Cleanup (if on Vista)
http://windowshelp.microsoft.com/Windows/en-US/help/1264bc24-72a8-48aa-84e3-a355327139d91033.mspx

3.Download/execute:
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
--and--
SuperAntispyware - Free
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

--and/optional--
Kaspersky® Virus Removal Tool
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
http://www.kaspersky.com/support/viruses/avptool?level=2
--and/optional--
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/
--and/optional--
a-squared (a²) Free or a-squared (a²) Command Line Scanner
http://www.emsisoft.com/en/software/download/
--and/optional--
BitDefender10 Free Edition (*NOT FOR VISTA*)
http://www.bitdefender.com/site/Downloads/browseEvaluationVersion/1/42/
--and/optional
Sophos Anti-Virus (SAV32CLI), is a 32 bit free command line scanner used in
an emergency as a disinfection utility for Windows NT, Windows 2000,
Windows XP and Windows 2003.
To use the Sophos command line software follow the steps below:
1.Download SAV32CLI
http://downloads.sophos.com/tools/sav32sfx.exe
--and--
extract the contents by double clicking the file.
2.Add the latest IDE (virus definition) files to the folder.
These can be downloaded here
http://www.sophos.com/downloads/ide/
3) Read Scanning Options with SAV32CLI.
http://www.sophos.com/support/knowledgebase/article/13252.html
See removing malicious files with SAV32CLI for basic information on virus,
spyware, Trojan and worm removal with SAV32CLI.
http://www.sophos.com/support/knowledgebase/article/13251.html

NOTE:
The above mentioned applications are not capable for real-time protection
of your computer; They are on-demand scanners.

Kaspersky® Virus Removal Tool, Dr.Web CureIt!® have no update feature (so
they don't turn into full blown scanners). As soon as your computer is
cleaned you are supposed to remove these tools from your operating system
and revert back to your (updated) resident (real-time) AV application.
Re: Kaspersky® Virus Removal Tool; To uninstall/move this program 'enable
self-defense' must be unchecked!

To scan your computer with the most up-to-date Kaspersky® AVPTool and
Dr.Web CureIT!® virus databases next time you should download new
Kaspersky® AVPTool and Dr.Web CureIt!® packages.

BitDefender10 Free Edition, a-squared Free or a-squared Command Line
Scanner, Sophos Anti-Virus (SAV32CLI) and the free version of Malwarebytes©
and SuperAntispyware have an update feature; You may wish to keep a couple
of them installed in addtion to your resident AV/A-S applications and scan
frequently.

After the software is updated, it is suggested scanning the system in Safe
Mode (this does not apply to MBAM).
"Malwarebytes actually performs better in Normal Mode" says Dustin Cook,
co-author of MBAM.
How do you boot to Safe Mode?
By pressing/tabbing F8 (or F5 on some keyboards) during re-boot.
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/default.aspx?scid=315222
Start your computer in safe mode (Vista)
http://windowshelp.microsoft.com/Windows/en-us/help/323ef48f-7b93-4079-a48a-5c58eec904a11033.mspx
http://www.bleepingcomputer.com/tutorials/tutorial61.html

4.Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.

http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29

NOTE:
Registration is required in any of the above mentioned fora before posting
a HJT log and read the 'stickies' (instructions/guidelines) for the
respective HJT forum.

5.Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html

Additional references:
How to optimize or reset Internet Explorer 7
http://support.microsoft.com/kb/936213
Applies to: Windows Internet Explorer 7 in Windows Vista

How to use Reset Internet Explorer Settings (RIES)
http://support.microsoft.com/kb/923737
Read: "What you must know"
Applies to: Windows Internet Explorer 7 for Windows XP and
Windows Internet Explorer 7 in Windows Vista

GMER - is an application that detects and removes rootkits.
http://www.gmer.net/index.php

For additional assistance in relation GMER scan results consult either
http://antirootkit.com/forums/index.php?sid=9e746bb696ac0bb38781ffe4361c3a17
--or--
http://www.thespykiller.co.uk/index.php?board=3.0

CCleaner - Free
Cleans temporary internet files, cookies, history, recent urls, application
MRUs, etc. ...
http://www.ccleaner.com/download/builds/downloading-slim
If Windows Defender is utilized go to Applications, under Utilities uncheck
"Windows Defender" (so it won't delete the history of WD).
If you wish, click 'Options' button the 'Settings' [check] 'Run CCleaner
when the computer starts'.
Setup CCleaner to Automatically Run Each Night in Vista or XP
http://www.howtogeek.com/howto/wind...-automatically-run-each-night-in-vista-or-xp/

Good luck

 

[Engel]

Hi zirean,

Windows Vista

Using the F8 Method

Restart your computer.

When the computer starts you will see your computer's hardware being listed.

When you see this information start to gently tap the F8 key repeatedly
until you are presented with the Windows Vista Advanced Boot Options.

Select the Safe Mode option using the arrow keys.

Then press the enter key on your keyboard to boot into Vista Safe Mode.

When Windows starts you will be at a typical logon screen. Logon to your
computer and Vista will enter Safe mode.

Do whatever tasks you require, and when you are done, reboot to go back into
normal mode.

Source:
Vista <http://www.bleepingcomputer.com/tutorials/tutorial61.html#vista>


I would suggest, run your antivirus in safe mode too.


There's a good chance there are more bugs that need to be removed. Try
SUPERAntiSpyware Free and MalwaÑeBytes:

<http://www.superantispyware.com/>
-=-

<http://www.malwarebytes.org/mbam.php>
-=-

The programs are free. (There is a paid version but you don't need to buy it
to remove malware.)


Good luck

Ǝиçεl
-=-

 

[zirean]

--
zirean

Hi, I am having trouble removing this item from my Windows Vista. Every time
I start my computer, this message comes up saying that
Trojan:Win32/AgencyBypass.gen!K needs to be removed and is severe risk. I
remove it and when I restart my computer it comes up again. Windows Defender
is NOT removing it.
Also when I do a "Cleanup" the TEMP file does not remove JET9980.tmp. When
I try to do this the cleanup program tells me that it is in use.
What is wrong with Windows Defender and why won't it get rid of these items.
Can anyone please help me.

1.Clear the (IE) temporary Internet files and the history cache.
Click 'Start' and then click 'Run'... then type (or copy/paste)
"inetcpl.cpl" (w/out quotation marks) into the box, then click the 'OK'
button.
In Internet Properties panel 'General' tab, under 'Browsing history', click
'Delete...'button, in 'Delete Browsing History' panel, click the 'Delete
all...' button then place a checkmark into the box beside 'Also delete
files and settings stored by add-ons', Click 'Yes' and exit the Internet
Properties panel by clicking the 'OK' button.

2.Clean HDD
Delete files using Disk Cleanup (if on Vista)
http://windowshelp.microsoft.com/Windows/en-US/help/1264bc24-72a8-48aa-84e3-a355327139d91033.mspx

3.Download/execute:
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
--and--
SuperAntispyware - Free
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

--and/optional--
Kaspersky® Virus Removal Tool
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
http://www.kaspersky.com/support/viruses/avptool?level=2
--and/optional--
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/
--and/optional--
a-squared (a²) Free or a-squared (a²) Command Line Scanner
http://www.emsisoft.com/en/software/download/
--and/optional--
BitDefender10 Free Edition (*NOT FOR VISTA*)
http://www.bitdefender.com/site/Downloads/browseEvaluationVersion/1/42/
--and/optional
Sophos Anti-Virus (SAV32CLI), is a 32 bit free command line scanner used in
an emergency as a disinfection utility for Windows NT, Windows 2000,
Windows XP and Windows 2003.
To use the Sophos command line software follow the steps below:
1.Download SAV32CLI
http://downloads.sophos.com/tools/sav32sfx.exe
--and--
extract the contents by double clicking the file.
2.Add the latest IDE (virus definition) files to the folder.
These can be downloaded here
http://www.sophos.com/downloads/ide/
3) Read Scanning Options with SAV32CLI.
http://www.sophos.com/support/knowledgebase/article/13252.html
See removing malicious files with SAV32CLI for basic information on virus,
spyware, Trojan and worm removal with SAV32CLI.
http://www.sophos.com/support/knowledgebase/article/13251.html

NOTE:
The above mentioned applications are not capable for real-time protection
of your computer; They are on-demand scanners.

Kaspersky® Virus Removal Tool, Dr.Web CureIt!® have no update feature (so
they don't turn into full blown scanners). As soon as your computer is
cleaned you are supposed to remove these tools from your operating system
and revert back to your (updated) resident (real-time) AV application.
Re: Kaspersky® Virus Removal Tool; To uninstall/move this program 'enable
self-defense' must be unchecked!

To scan your computer with the most up-to-date Kaspersky® AVPTool and
Dr.Web CureIT!® virus databases next time you should download new
Kaspersky® AVPTool and Dr.Web CureIt!® packages.

BitDefender10 Free Edition, a-squared Free or a-squared Command Line
Scanner, Sophos Anti-Virus (SAV32CLI) and the free version of Malwarebytes©
and SuperAntispyware have an update feature; You may wish to keep a couple
of them installed in addtion to your resident AV/A-S applications and scan
frequently.

After the software is updated, it is suggested scanning the system in Safe
Mode (this does not apply to MBAM).
"Malwarebytes actually performs better in Normal Mode" says Dustin Cook,
co-author of MBAM.
How do you boot to Safe Mode?
By pressing/tabbing F8 (or F5 on some keyboards) during re-boot.
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/default.aspx?scid=315222
Start your computer in safe mode (Vista)
http://windowshelp.microsoft.com/Windows/en-us/help/323ef48f-7b93-4079-a48a-5c58eec904a11033.mspx
http://www.bleepingcomputer.com/tutorials/tutorial61.html

4.Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.

http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29

NOTE:
Registration is required in any of the above mentioned fora before posting
a HJT log and read the 'stickies' (instructions/guidelines) for the
respective HJT forum.

5.Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html

Additional references:
How to optimize or reset Internet Explorer 7
http://support.microsoft.com/kb/936213
Applies to: Windows Internet Explorer 7 in Windows Vista

How to use Reset Internet Explorer Settings (RIES)
http://support.microsoft.com/kb/923737
Read: "What you must know"
Applies to: Windows Internet Explorer 7 for Windows XP and
Windows Internet Explorer 7 in Windows Vista

GMER - is an application that detects and removes rootkits.
http://www.gmer.net/index.php

For additional assistance in relation GMER scan results consult either
http://antirootkit.com/forums/index.php?sid=9e746bb696ac0bb38781ffe4361c3a17
--or--
http://www.thespykiller.co.uk/index.php?board=3.0

CCleaner - Free
Cleans temporary internet files, cookies, history, recent urls, application
MRUs, etc. ...
http://www.ccleaner.com/download/builds/downloading-slim
If Windows Defender is utilized go to Applications, under Utilities uncheck
"Windows Defender" (so it won't delete the history of WD).
If you wish, click 'Options' button the 'Settings' [check] 'Run CCleaner
when the computer starts'.
Setup CCleaner to Automatically Run Each Night in Vista or XP
http://www.howtogeek.com/howto/wind...-automatically-run-each-night-in-vista-or-xp/

Good luck

 

[zirean]

--
zirean

Hi, I am having trouble removing this item from my Windows Vista. Every time
I start my computer, this message comes up saying that
Trojan:Win32/AgencyBypass.gen!K needs to be removed and is severe risk. I
remove it and when I restart my computer it comes up again. Windows Defender
is NOT removing it.
Also when I do a "Cleanup" the TEMP file does not remove JET9980.tmp. When
I try to do this the cleanup program tells me that it is in use.
What is wrong with Windows Defender and why won't it get rid of these items.
Can anyone please help me.

1.Clear the (IE) temporary Internet files and the history cache.
Click 'Start' and then click 'Run'... then type (or copy/paste)
"inetcpl.cpl" (w/out quotation marks) into the box, then click the 'OK'
button.
In Internet Properties panel 'General' tab, under 'Browsing history', click
'Delete...'button, in 'Delete Browsing History' panel, click the 'Delete
all...' button then place a checkmark into the box beside 'Also delete
files and settings stored by add-ons', Click 'Yes' and exit the Internet
Properties panel by clicking the 'OK' button.

2.Clean HDD
Delete files using Disk Cleanup (if on Vista)
http://windowshelp.microsoft.com/Windows/en-US/help/1264bc24-72a8-48aa-84e3-a355327139d91033.mspx

3.Download/execute:
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
--and--
SuperAntispyware - Free
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

--and/optional--
Kaspersky® Virus Removal Tool
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
http://www.kaspersky.com/support/viruses/avptool?level=2
--and/optional--
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/
--and/optional--
a-squared (a²) Free or a-squared (a²) Command Line Scanner
http://www.emsisoft.com/en/software/download/
--and/optional--
BitDefender10 Free Edition (*NOT FOR VISTA*)
http://www.bitdefender.com/site/Downloads/browseEvaluationVersion/1/42/
--and/optional
Sophos Anti-Virus (SAV32CLI), is a 32 bit free command line scanner used in
an emergency as a disinfection utility for Windows NT, Windows 2000,
Windows XP and Windows 2003.
To use the Sophos command line software follow the steps below:
1.Download SAV32CLI
http://downloads.sophos.com/tools/sav32sfx.exe
--and--
extract the contents by double clicking the file.
2.Add the latest IDE (virus definition) files to the folder.
These can be downloaded here
http://www.sophos.com/downloads/ide/
3) Read Scanning Options with SAV32CLI.
http://www.sophos.com/support/knowledgebase/article/13252.html
See removing malicious files with SAV32CLI for basic information on virus,
spyware, Trojan and worm removal with SAV32CLI.
http://www.sophos.com/support/knowledgebase/article/13251.html

NOTE:
The above mentioned applications are not capable for real-time protection
of your computer; They are on-demand scanners.

Kaspersky® Virus Removal Tool, Dr.Web CureIt!® have no update feature (so
they don't turn into full blown scanners). As soon as your computer is
cleaned you are supposed to remove these tools from your operating system
and revert back to your (updated) resident (real-time) AV application.
Re: Kaspersky® Virus Removal Tool; To uninstall/move this program 'enable
self-defense' must be unchecked!

To scan your computer with the most up-to-date Kaspersky® AVPTool and
Dr.Web CureIT!® virus databases next time you should download new
Kaspersky® AVPTool and Dr.Web CureIt!® packages.

BitDefender10 Free Edition, a-squared Free or a-squared Command Line
Scanner, Sophos Anti-Virus (SAV32CLI) and the free version of Malwarebytes©
and SuperAntispyware have an update feature; You may wish to keep a couple
of them installed in addtion to your resident AV/A-S applications and scan
frequently.

After the software is updated, it is suggested scanning the system in Safe
Mode (this does not apply to MBAM).
"Malwarebytes actually performs better in Normal Mode" says Dustin Cook,
co-author of MBAM.
How do you boot to Safe Mode?
By pressing/tabbing F8 (or F5 on some keyboards) during re-boot.
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/default.aspx?scid=315222
Start your computer in safe mode (Vista)
http://windowshelp.microsoft.com/Windows/en-us/help/323ef48f-7b93-4079-a48a-5c58eec904a11033.mspx
http://www.bleepingcomputer.com/tutorials/tutorial61.html

4.Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.

http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29

NOTE:
Registration is required in any of the above mentioned fora before posting
a HJT log and read the 'stickies' (instructions/guidelines) for the
respective HJT forum.

5.Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html

Additional references:
How to optimize or reset Internet Explorer 7
http://support.microsoft.com/kb/936213
Applies to: Windows Internet Explorer 7 in Windows Vista

How to use Reset Internet Explorer Settings (RIES)
http://support.microsoft.com/kb/923737
Read: "What you must know"
Applies to: Windows Internet Explorer 7 for Windows XP and
Windows Internet Explorer 7 in Windows Vista

GMER - is an application that detects and removes rootkits.
http://www.gmer.net/index.php

For additional assistance in relation GMER scan results consult either
http://antirootkit.com/forums/index.php?sid=9e746bb696ac0bb38781ffe4361c3a17
--or--
http://www.thespykiller.co.uk/index.php?board=3.0

CCleaner - Free
Cleans temporary internet files, cookies, history, recent urls, application
MRUs, etc. ...
http://www.ccleaner.com/download/builds/downloading-slim
If Windows Defender is utilized go to Applications, under Utilities uncheck
"Windows Defender" (so it won't delete the history of WD).
If you wish, click 'Options' button the 'Settings' [check] 'Run CCleaner
when the computer starts'.
Setup CCleaner to Automatically Run Each Night in Vista or XP
http://www.howtogeek.com/howto/wind...-automatically-run-each-night-in-vista-or-xp/

Good luck

 

[zirean]

Hi everyone and thank you for your support. I will try your tip Engel. I
have real trouble trying to understand Kayman (too much information). As I
explained, I am not very familiar with computers or terminology and too much
info can be mindboggling!.

Can either of you tell me what these things are and what they do? How can I
make sure that I don't get stuck with them again or some similar trojan and
why won't Windows Defender remove them?
--
zirean

Hi, I am having trouble removing this item from my Windows Vista. Every time
I start my computer, this message comes up saying that
Trojan:Win32/AgencyBypass.gen!K needs to be removed and is severe risk. I
remove it and when I restart my computer it comes up again. Windows Defender
is NOT removing it.
Also when I do a "Cleanup" the TEMP file does not remove JET9980.tmp. When
I try to do this the cleanup program tells me that it is in use.
What is wrong with Windows Defender and why won't it get rid of these items.
Can anyone please help me.

1.Clear the (IE) temporary Internet files and the history cache.
Click 'Start' and then click 'Run'... then type (or copy/paste)
"inetcpl.cpl" (w/out quotation marks) into the box, then click the 'OK'
button.
In Internet Properties panel 'General' tab, under 'Browsing history', click
'Delete...'button, in 'Delete Browsing History' panel, click the 'Delete
all...' button then place a checkmark into the box beside 'Also delete
files and settings stored by add-ons', Click 'Yes' and exit the Internet
Properties panel by clicking the 'OK' button.

2.Clean HDD
Delete files using Disk Cleanup (if on Vista)
http://windowshelp.microsoft.com/Windows/en-US/help/1264bc24-72a8-48aa-84e3-a355327139d91033.mspx

3.Download/execute:
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
--and--
SuperAntispyware - Free
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

--and/optional--
Kaspersky® Virus Removal Tool
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
http://www.kaspersky.com/support/viruses/avptool?level=2
--and/optional--
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/
--and/optional--
a-squared (a²) Free or a-squared (a²) Command Line Scanner
http://www.emsisoft.com/en/software/download/
--and/optional--
BitDefender10 Free Edition (*NOT FOR VISTA*)
http://www.bitdefender.com/site/Downloads/browseEvaluationVersion/1/42/
--and/optional
Sophos Anti-Virus (SAV32CLI), is a 32 bit free command line scanner used in
an emergency as a disinfection utility for Windows NT, Windows 2000,
Windows XP and Windows 2003.
To use the Sophos command line software follow the steps below:
1.Download SAV32CLI
http://downloads.sophos.com/tools/sav32sfx.exe
--and--
extract the contents by double clicking the file.
2.Add the latest IDE (virus definition) files to the folder.
These can be downloaded here
http://www.sophos.com/downloads/ide/
3) Read Scanning Options with SAV32CLI.
http://www.sophos.com/support/knowledgebase/article/13252.html
See removing malicious files with SAV32CLI for basic information on virus,
spyware, Trojan and worm removal with SAV32CLI.
http://www.sophos.com/support/knowledgebase/article/13251.html

NOTE:
The above mentioned applications are not capable for real-time protection
of your computer; They are on-demand scanners.

Kaspersky® Virus Removal Tool, Dr.Web CureIt!® have no update feature (so
they don't turn into full blown scanners). As soon as your computer is
cleaned you are supposed to remove these tools from your operating system
and revert back to your (updated) resident (real-time) AV application.
Re: Kaspersky® Virus Removal Tool; To uninstall/move this program 'enable
self-defense' must be unchecked!

To scan your computer with the most up-to-date Kaspersky® AVPTool and
Dr.Web CureIT!® virus databases next time you should download new
Kaspersky® AVPTool and Dr.Web CureIt!® packages.

BitDefender10 Free Edition, a-squared Free or a-squared Command Line
Scanner, Sophos Anti-Virus (SAV32CLI) and the free version of Malwarebytes©
and SuperAntispyware have an update feature; You may wish to keep a couple
of them installed in addtion to your resident AV/A-S applications and scan
frequently.

After the software is updated, it is suggested scanning the system in Safe
Mode (this does not apply to MBAM).
"Malwarebytes actually performs better in Normal Mode" says Dustin Cook,
co-author of MBAM.
How do you boot to Safe Mode?
By pressing/tabbing F8 (or F5 on some keyboards) during re-boot.
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/default.aspx?scid=315222
Start your computer in safe mode (Vista)
http://windowshelp.microsoft.com/Windows/en-us/help/323ef48f-7b93-4079-a48a-5c58eec904a11033.mspx
http://www.bleepingcomputer.com/tutorials/tutorial61.html

4.Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.

http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29

NOTE:
Registration is required in any of the above mentioned fora before posting
a HJT log and read the 'stickies' (instructions/guidelines) for the
respective HJT forum.

5.Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html

Additional references:
How to optimize or reset Internet Explorer 7
http://support.microsoft.com/kb/936213
Applies to: Windows Internet Explorer 7 in Windows Vista

How to use Reset Internet Explorer Settings (RIES)
http://support.microsoft.com/kb/923737
Read: "What you must know"
Applies to: Windows Internet Explorer 7 for Windows XP and
Windows Internet Explorer 7 in Windows Vista

GMER - is an application that detects and removes rootkits.
http://www.gmer.net/index.php

For additional assistance in relation GMER scan results consult either
http://antirootkit.com/forums/index.php?sid=9e746bb696ac0bb38781ffe4361c3a17
--or--
http://www.thespykiller.co.uk/index.php?board=3.0

CCleaner - Free
Cleans temporary internet files, cookies, history, recent urls, application
MRUs, etc. ...
http://www.ccleaner.com/download/builds/downloading-slim
If Windows Defender is utilized go to Applications, under Utilities uncheck
"Windows Defender" (so it won't delete the history of WD).
If you wish, click 'Options' button the 'Settings' [check] 'Run CCleaner
when the computer starts'.
Setup CCleaner to Automatically Run Each Night in Vista or XP
http://www.howtogeek.com/howto/wind...-automatically-run-each-night-in-vista-or-xp/

Good luck

 

[Alan D]

Hi zirean. I sympathise with your plight - it's easy to feel overwhelmed. By
all means follow Engel's advice in the first instance. Defender may be able
to remove the malware from SAFE mode.

However, it might be helpful if we extract just a couple of items from
Kayman's excellent list and try those. That is, download and install these
two programs (both free):

1. Malwarebytes - Anti-Malware (called MBAM for short)
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
and--
2. SuperAntispyware (SAS for short):
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

These are both free scanners with an excellent reputation, and you'd do well
to have these on your computer, and scan regularly with them in future in
any case. They're simple to set up and simple to use. Different scanners
have different strengths and weaknesses, and where one program will fail to
detect or remove a particular type of malware, another may succeed.

This is not so thorough an answer as Kayman's, but maybe it will move you
forward a bit?
Cheers,
Alan D

)> wrote in message

Hi everyone and thank you for your support. I will try your tip Engel.
I
have real trouble trying to understand Kayman (too much information). As
I
explained, I am not very familiar with computers or terminology and too
much
info can be mindboggling!.

Can either of you tell me what these things are and what they do? How can
I
make sure that I don't get stuck with them again or some similar trojan
and
why won't Windows Defender remove them?
--
zirean

Hi, I am having trouble removing this item from my Windows Vista.
Every time
I start my computer, this message comes up saying that
Trojan:Win32/AgencyBypass.gen!K needs to be removed and is severe risk.
I
remove it and when I restart my computer it comes up again. Windows
Defender
is NOT removing it.
Also when I do a "Cleanup" the TEMP file does not remove JET9980.tmp.
When
I try to do this the cleanup program tells me that it is in use.
What is wrong with Windows Defender and why won't it get rid of these
items.
Can anyone please help me.

1.Clear the (IE) temporary Internet files and the history cache.
Click 'Start' and then click 'Run'... then type (or copy/paste)
"inetcpl.cpl" (w/out quotation marks) into the box, then click the 'OK'
button.
In Internet Properties panel 'General' tab, under 'Browsing history',
click
'Delete...'button, in 'Delete Browsing History' panel, click the 'Delete
all...' button then place a checkmark into the box beside 'Also delete
files and settings stored by add-ons', Click 'Yes' and exit the Internet
Properties panel by clicking the 'OK' button.

2.Clean HDD
Delete files using Disk Cleanup (if on Vista)
http://windowshelp.microsoft.com/Windows/en-US/help/1264bc24-72a8-48aa-84e3-a355327139d91033.mspx

3.Download/execute:
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
--and--
SuperAntispyware - Free
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

--and/optional--
Kaspersky® Virus Removal Tool
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
http://www.kaspersky.com/support/viruses/avptool?level=2
--and/optional--
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/
--and/optional--
a-squared (a²) Free or a-squared (a²) Command Line Scanner
http://www.emsisoft.com/en/software/download/
--and/optional--
BitDefender10 Free Edition (*NOT FOR VISTA*)
http://www.bitdefender.com/site/Downloads/browseEvaluationVersion/1/42/
--and/optional
Sophos Anti-Virus (SAV32CLI), is a 32 bit free command line scanner used
in
an emergency as a disinfection utility for Windows NT, Windows 2000,
Windows XP and Windows 2003.
To use the Sophos command line software follow the steps below:
1.Download SAV32CLI
http://downloads.sophos.com/tools/sav32sfx.exe
--and--
extract the contents by double clicking the file.
2.Add the latest IDE (virus definition) files to the folder.
These can be downloaded here
http://www.sophos.com/downloads/ide/
3) Read Scanning Options with SAV32CLI.
http://www.sophos.com/support/knowledgebase/article/13252.html
See removing malicious files with SAV32CLI for basic information on
virus,
spyware, Trojan and worm removal with SAV32CLI.
http://www.sophos.com/support/knowledgebase/article/13251.html

NOTE:
The above mentioned applications are not capable for real-time protection
of your computer; They are on-demand scanners.

Kaspersky® Virus Removal Tool, Dr.Web CureIt!® have no update feature (so
they don't turn into full blown scanners). As soon as your computer is
cleaned you are supposed to remove these tools from your operating system
and revert back to your (updated) resident (real-time) AV application.
Re: Kaspersky® Virus Removal Tool; To uninstall/move this program 'enable
self-defense' must be unchecked!

To scan your computer with the most up-to-date Kaspersky® AVPTool and
Dr.Web CureIT!® virus databases next time you should download new
Kaspersky® AVPTool and Dr.Web CureIt!® packages.

BitDefender10 Free Edition, a-squared Free or a-squared Command Line
Scanner, Sophos Anti-Virus (SAV32CLI) and the free version of
Malwarebytes©
and SuperAntispyware have an update feature; You may wish to keep a
couple
of them installed in addtion to your resident AV/A-S applications and
scan
frequently.

After the software is updated, it is suggested scanning the system in
Safe
Mode (this does not apply to MBAM).
"Malwarebytes actually performs better in Normal Mode" says Dustin Cook,
co-author of MBAM.
How do you boot to Safe Mode?
By pressing/tabbing F8 (or F5 on some keyboards) during re-boot.
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/default.aspx?scid=315222
Start your computer in safe mode (Vista)
http://windowshelp.microsoft.com/Windows/en-us/help/323ef48f-7b93-4079-a48a-5c58eec904a11033.mspx
http://www.bleepingcomputer.com/tutorials/tutorial61.html

4.Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.

http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29

NOTE:
Registration is required in any of the above mentioned fora before
posting
a HJT log and read the 'stickies' (instructions/guidelines) for the
respective HJT forum.

5.Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html

Additional references:
How to optimize or reset Internet Explorer 7
http://support.microsoft.com/kb/936213
Applies to: Windows Internet Explorer 7 in Windows Vista

How to use Reset Internet Explorer Settings (RIES)
http://support.microsoft.com/kb/923737
Read: "What you must know"
Applies to: Windows Internet Explorer 7 for Windows XP and
Windows Internet Explorer 7 in Windows Vista

GMER - is an application that detects and removes rootkits.
http://www.gmer.net/index.php

For additional assistance in relation GMER scan results consult either
http://antirootkit.com/forums/index.php?sid=9e746bb696ac0bb38781ffe4361c3a17
--or--
http://www.thespykiller.co.uk/index.php?board=3.0

CCleaner - Free
Cleans temporary internet files, cookies, history, recent urls,
application
MRUs, etc. ...
http://www.ccleaner.com/download/builds/downloading-slim
If Windows Defender is utilized go to Applications, under Utilities
uncheck
"Windows Defender" (so it won't delete the history of WD).
If you wish, click 'Options' button the 'Settings' [check] 'Run CCleaner
when the computer starts'.
Setup CCleaner to Automatically Run Each Night in Vista or XP
http://www.howtogeek.com/howto/wind...-automatically-run-each-night-in-vista-or-xp/

Good luck

 

[Bill Sanderson]

One reference for this that I was able to spot states that it is a
memory-resident trojan which hooks a Windows process, so that every time
that process is run, the trojan is active.

These can be difficult to remove.

Have you tried restarting the machine in safe mode (by pressing the F8
function key several times as the machine is starting up--before the XP logo
appears?

If you can start the machine in safe mode, please try to clean it using both
Windows Defender and your antivirus application.

If that is not successful, I would recommend either running an online
antivirus scan in safe mode with networking (same instructions as above, but
choose safe mode with networking)--at safety.live.com

Or--calling Microsoft at 1-866-pcsafety if you are in the U.S. or Canada.
If elsewhere, call the nearest phone number for paid support and ask for the
free help with virus or spyware or security patch issues.

I see a thread at bleepingcomputer.com where this is finally fixed by
combofix"

http://www.bleepingcomputer.com/forums/topic193340.html

But I suspect that you will be more comfortable going with the online scan,
or direct phone support from Microsoft.

If you do want to post to a forum such as the one at
bleepingcomputer.com--Kayman has given those instructions as part of his
excellent information.

Hi everyone and thank you for your support. I will try your tip Engel.
I
have real trouble trying to understand Kayman (too much information). As
I
explained, I am not very familiar with computers or terminology and too
much
info can be mindboggling!.

Can either of you tell me what these things are and what they do? How can
I
make sure that I don't get stuck with them again or some similar trojan
and
why won't Windows Defender remove them?
--
zirean

Hi, I am having trouble removing this item from my Windows Vista.
Every time
I start my computer, this message comes up saying that
Trojan:Win32/AgencyBypass.gen!K needs to be removed and is severe risk.
I
remove it and when I restart my computer it comes up again. Windows
Defender
is NOT removing it.
Also when I do a "Cleanup" the TEMP file does not remove JET9980.tmp.
When
I try to do this the cleanup program tells me that it is in use.
What is wrong with Windows Defender and why won't it get rid of these
items.
Can anyone please help me.

1.Clear the (IE) temporary Internet files and the history cache.
Click 'Start' and then click 'Run'... then type (or copy/paste)
"inetcpl.cpl" (w/out quotation marks) into the box, then click the 'OK'
button.
In Internet Properties panel 'General' tab, under 'Browsing history',
click
'Delete...'button, in 'Delete Browsing History' panel, click the 'Delete
all...' button then place a checkmark into the box beside 'Also delete
files and settings stored by add-ons', Click 'Yes' and exit the Internet
Properties panel by clicking the 'OK' button.

2.Clean HDD
Delete files using Disk Cleanup (if on Vista)
http://windowshelp.microsoft.com/Windows/en-US/help/1264bc24-72a8-48aa-84e3-a355327139d91033.mspx

3.Download/execute:
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
--and--
SuperAntispyware - Free
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

--and/optional--
Kaspersky® Virus Removal Tool
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
http://www.kaspersky.com/support/viruses/avptool?level=2
--and/optional--
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/
--and/optional--
a-squared (a²) Free or a-squared (a²) Command Line Scanner
http://www.emsisoft.com/en/software/download/
--and/optional--
BitDefender10 Free Edition (*NOT FOR VISTA*)
http://www.bitdefender.com/site/Downloads/browseEvaluationVersion/1/42/
--and/optional
Sophos Anti-Virus (SAV32CLI), is a 32 bit free command line scanner used
in
an emergency as a disinfection utility for Windows NT, Windows 2000,
Windows XP and Windows 2003.
To use the Sophos command line software follow the steps below:
1.Download SAV32CLI
http://downloads.sophos.com/tools/sav32sfx.exe
--and--
extract the contents by double clicking the file.
2.Add the latest IDE (virus definition) files to the folder.
These can be downloaded here
http://www.sophos.com/downloads/ide/
3) Read Scanning Options with SAV32CLI.
http://www.sophos.com/support/knowledgebase/article/13252.html
See removing malicious files with SAV32CLI for basic information on
virus,
spyware, Trojan and worm removal with SAV32CLI.
http://www.sophos.com/support/knowledgebase/article/13251.html

NOTE:
The above mentioned applications are not capable for real-time protection
of your computer; They are on-demand scanners.

Kaspersky® Virus Removal Tool, Dr.Web CureIt!® have no update feature (so
they don't turn into full blown scanners). As soon as your computer is
cleaned you are supposed to remove these tools from your operating system
and revert back to your (updated) resident (real-time) AV application.
Re: Kaspersky® Virus Removal Tool; To uninstall/move this program 'enable
self-defense' must be unchecked!

To scan your computer with the most up-to-date Kaspersky® AVPTool and
Dr.Web CureIT!® virus databases next time you should download new
Kaspersky® AVPTool and Dr.Web CureIt!® packages.

BitDefender10 Free Edition, a-squared Free or a-squared Command Line
Scanner, Sophos Anti-Virus (SAV32CLI) and the free version of
Malwarebytes©
and SuperAntispyware have an update feature; You may wish to keep a
couple
of them installed in addtion to your resident AV/A-S applications and
scan
frequently.

After the software is updated, it is suggested scanning the system in
Safe
Mode (this does not apply to MBAM).
"Malwarebytes actually performs better in Normal Mode" says Dustin Cook,
co-author of MBAM.
How do you boot to Safe Mode?
By pressing/tabbing F8 (or F5 on some keyboards) during re-boot.
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/default.aspx?scid=315222
Start your computer in safe mode (Vista)
http://windowshelp.microsoft.com/Windows/en-us/help/323ef48f-7b93-4079-a48a-5c58eec904a11033.mspx
http://www.bleepingcomputer.com/tutorials/tutorial61.html

4.Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.

http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29

NOTE:
Registration is required in any of the above mentioned fora before
posting
a HJT log and read the 'stickies' (instructions/guidelines) for the
respective HJT forum.

5.Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html

Additional references:
How to optimize or reset Internet Explorer 7
http://support.microsoft.com/kb/936213
Applies to: Windows Internet Explorer 7 in Windows Vista

How to use Reset Internet Explorer Settings (RIES)
http://support.microsoft.com/kb/923737
Read: "What you must know"
Applies to: Windows Internet Explorer 7 for Windows XP and
Windows Internet Explorer 7 in Windows Vista

GMER - is an application that detects and removes rootkits.
http://www.gmer.net/index.php

For additional assistance in relation GMER scan results consult either
http://antirootkit.com/forums/index.php?sid=9e746bb696ac0bb38781ffe4361c3a17
--or--
http://www.thespykiller.co.uk/index.php?board=3.0

CCleaner - Free
Cleans temporary internet files, cookies, history, recent urls,
application
MRUs, etc. ...
http://www.ccleaner.com/download/builds/downloading-slim
If Windows Defender is utilized go to Applications, under Utilities
uncheck
"Windows Defender" (so it won't delete the history of WD).
If you wish, click 'Options' button the 'Settings' [check] 'Run CCleaner
when the computer starts'.
Setup CCleaner to Automatically Run Each Night in Vista or XP
http://www.howtogeek.com/howto/wind...-automatically-run-each-night-in-vista-or-xp/

Good luck

--

 

[zirean]

Thank you everyone for your kind support. I will try all the suggestions.
Regards
--
zirean

One reference for this that I was able to spot states that it is a
memory-resident trojan which hooks a Windows process, so that every time
that process is run, the trojan is active.

These can be difficult to remove.

Have you tried restarting the machine in safe mode (by pressing the F8
function key several times as the machine is starting up--before the XP logo
appears?

If you can start the machine in safe mode, please try to clean it using both
Windows Defender and your antivirus application.

If that is not successful, I would recommend either running an online
antivirus scan in safe mode with networking (same instructions as above, but
choose safe mode with networking)--at safety.live.com

Or--calling Microsoft at 1-866-pcsafety if you are in the U.S. or Canada.
If elsewhere, call the nearest phone number for paid support and ask for the
free help with virus or spyware or security patch issues.

I see a thread at bleepingcomputer.com where this is finally fixed by
combofix"

http://www.bleepingcomputer.com/forums/topic193340.html

But I suspect that you will be more comfortable going with the online scan,
or direct phone support from Microsoft.

If you do want to post to a forum such as the one at
bleepingcomputer.com--Kayman has given those instructions as part of his
excellent information.

Hi everyone and thank you for your support. I will try your tip Engel.
I
have real trouble trying to understand Kayman (too much information). As
I
explained, I am not very familiar with computers or terminology and too
much
info can be mindboggling!.

Can either of you tell me what these things are and what they do? How can
I
make sure that I don't get stuck with them again or some similar trojan
and
why won't Windows Defender remove them?
--
zirean

On Wed, 14 Jan 2009 03:18:02 -0800, zirean wrote:

Hi, I am having trouble removing this item from my Windows Vista.
Every time
I start my computer, this message comes up saying that
Trojan:Win32/AgencyBypass.gen!K needs to be removed and is severe risk.
I
remove it and when I restart my computer it comes up again. Windows
Defender
is NOT removing it.
Also when I do a "Cleanup" the TEMP file does not remove JET9980.tmp.
When
I try to do this the cleanup program tells me that it is in use.
What is wrong with Windows Defender and why won't it get rid of these
items.
Can anyone please help me.

1.Clear the (IE) temporary Internet files and the history cache.
Click 'Start' and then click 'Run'... then type (or copy/paste)
"inetcpl.cpl" (w/out quotation marks) into the box, then click the 'OK'
button.
In Internet Properties panel 'General' tab, under 'Browsing history',
click
'Delete...'button, in 'Delete Browsing History' panel, click the 'Delete
all...' button then place a checkmark into the box beside 'Also delete
files and settings stored by add-ons', Click 'Yes' and exit the Internet
Properties panel by clicking the 'OK' button.

2.Clean HDD
Delete files using Disk Cleanup (if on Vista)
http://windowshelp.microsoft.com/Windows/en-US/help/1264bc24-72a8-48aa-84e3-a355327139d91033.mspx

3.Download/execute:
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
--and--
SuperAntispyware - Free
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

--and/optional--
Kaspersky® Virus Removal Tool
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
http://www.kaspersky.com/support/viruses/avptool?level=2
--and/optional--
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/
--and/optional--
a-squared (a²) Free or a-squared (a²) Command Line Scanner
http://www.emsisoft.com/en/software/download/
--and/optional--
BitDefender10 Free Edition (*NOT FOR VISTA*)
http://www.bitdefender.com/site/Downloads/browseEvaluationVersion/1/42/
--and/optional
Sophos Anti-Virus (SAV32CLI), is a 32 bit free command line scanner used
in
an emergency as a disinfection utility for Windows NT, Windows 2000,
Windows XP and Windows 2003.
To use the Sophos command line software follow the steps below:
1.Download SAV32CLI
http://downloads.sophos.com/tools/sav32sfx.exe
--and--
extract the contents by double clicking the file.
2.Add the latest IDE (virus definition) files to the folder.
These can be downloaded here
http://www.sophos.com/downloads/ide/
3) Read Scanning Options with SAV32CLI.
http://www.sophos.com/support/knowledgebase/article/13252.html
See removing malicious files with SAV32CLI for basic information on
virus,
spyware, Trojan and worm removal with SAV32CLI.
http://www.sophos.com/support/knowledgebase/article/13251.html

NOTE:
The above mentioned applications are not capable for real-time protection
of your computer; They are on-demand scanners.

Kaspersky® Virus Removal Tool, Dr.Web CureIt!® have no update feature (so
they don't turn into full blown scanners). As soon as your computer is
cleaned you are supposed to remove these tools from your operating system
and revert back to your (updated) resident (real-time) AV application.
Re: Kaspersky® Virus Removal Tool; To uninstall/move this program 'enable
self-defense' must be unchecked!

To scan your computer with the most up-to-date Kaspersky® AVPTool and
Dr.Web CureIT!® virus databases next time you should download new
Kaspersky® AVPTool and Dr.Web CureIt!® packages.

BitDefender10 Free Edition, a-squared Free or a-squared Command Line
Scanner, Sophos Anti-Virus (SAV32CLI) and the free version of
Malwarebytes©
and SuperAntispyware have an update feature; You may wish to keep a
couple
of them installed in addtion to your resident AV/A-S applications and
scan
frequently.

After the software is updated, it is suggested scanning the system in
Safe
Mode (this does not apply to MBAM).
"Malwarebytes actually performs better in Normal Mode" says Dustin Cook,
co-author of MBAM.
How do you boot to Safe Mode?
By pressing/tabbing F8 (or F5 on some keyboards) during re-boot.
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/default.aspx?scid=315222
Start your computer in safe mode (Vista)
http://windowshelp.microsoft.com/Windows/en-us/help/323ef48f-7b93-4079-a48a-5c58eec904a11033.mspx
http://www.bleepingcomputer.com/tutorials/tutorial61.html

4.Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.

http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29

NOTE:
Registration is required in any of the above mentioned fora before
posting
a HJT log and read the 'stickies' (instructions/guidelines) for the
respective HJT forum.

5.Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html

Additional references:
How to optimize or reset Internet Explorer 7
http://support.microsoft.com/kb/936213
Applies to: Windows Internet Explorer 7 in Windows Vista

How to use Reset Internet Explorer Settings (RIES)
http://support.microsoft.com/kb/923737
Read: "What you must know"
Applies to: Windows Internet Explorer 7 for Windows XP and
Windows Internet Explorer 7 in Windows Vista

GMER - is an application that detects and removes rootkits.
http://www.gmer.net/index.php

For additional assistance in relation GMER scan results consult either
http://antirootkit.com/forums/index.php?sid=9e746bb696ac0bb38781ffe4361c3a17
--or--
http://www.thespykiller.co.uk/index.php?board=3.0

CCleaner - Free
Cleans temporary internet files, cookies, history, recent urls,
application
MRUs, etc. ...
http://www.ccleaner.com/download/builds/downloading-slim
If Windows Defender is utilized go to Applications, under Utilities
uncheck
"Windows Defender" (so it won't delete the history of WD).
If you wish, click 'Options' button the 'Settings' [check] 'Run CCleaner
when the computer starts'.
Setup CCleaner to Automatically Run Each Night in Vista or XP
http://www.howtogeek.com/howto/wind...-automatically-run-each-night-in-vista-or-xp/

Good luck