When dealing with a persistent virus / trojan you need to delete system
restore points not use them as they will contain the virus and put it
back into your system. Also run your anti-virus with updated definitions
in safe mode. Sometimes you need to run an anti-virus from a floppy and
Trend offer one that can be used.
Create a new folder named Sysclean (e.g., C:\Program files\Sysclean, or
just a desktop folder).
Download Sysclean.com (
http://www.trendmicro.com/download/dcs.asp) and
place it in this folder.
Download the latest Controlled Pattern Release zip
(
http://www.trendmicro.com/download/pattern.asp, e.g., lpt123.zip) and
extract its contents to the same folder. See the Readme text file for
additional instructions.
Delete Temporary Internet Files (IE Tools>Internet Options>General)
accepting the option to delete all offline content. Reboot and delete
contents of all TEMP folders and then your Recycle Bin.
Close all running programs including your anti-virus application, go
offline, and run Sysclean. For best results, do nothing with the machine
until the scan completes.
If the scan shows any infections in System Restore files and you're
running WinXP, create a new Restore Point
(Start>Programs>Accessories>System Tools>System Restore), then delete
all but the most recent Restore Point (Start>Programs>Accessories>System
Tools>Disk Cleanup>More options).
Work through the spyware removal programmes etc in turn in safe mode
until you get no results.
Afterwards, update your own anti-virus application and perform another
full system scan.
Finally run HijackThis and post the HijackThis log to the HijackThis
forum here:
http://aumha.net/
You will need to register with Aumha to be able to post.
--
Hope this helps.
Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA
Using invalid email address
Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.
~~~~~~~~~~~~~~~~~~~~~~~~
