Hello:

Same problem as Justinvk6 Can you please help

Hello and welcome to Techspot.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of Revman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

ran all the programs

Hi all

Ran all the programs. Norton still picking up the intrusion. Here are the files

Thank you

You didn`t attach an AVG Antispyware log. Please do so in your next reply.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

osCheck.exe
cake 2.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [close surf mail dupe] C:\Documents and Settings\All Users\Application Data\Tick Find Close Surf\Extra Shim.exe

O4 - HKCU\..\Run: [copycoal] C:\DOCUME~1\E8948~1.JOH\APPLIC~1\COOLPH~1\cake 2.exe

O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n033p/EN/install/gtdownlr.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\DOCUME~1\E8948~1.JOH\APPLIC~1\COOLPH~1<Delete the entire folder.

C:\Documents and Settings\All Users\Application Data\Tick Find Close Surf<Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log as well as an AVG Antispyware log.

Regards Howard

This thread is for the use of Revman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

malware

So far so good, thank you very much

I could not find the file c:\docume~1\ . . . though, please let me know how to do it

attatched are the files

Your log files are now clean.

C:\DOCUME~1\E8948~1.JOH\APPLIC~1\COOLPH~1 translates as:
C:\Documents and Settings\E8948~1.JOH\Application Data\COOLPH~1

Delete the bold folder if you can find it.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of Revman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.