My sons computer got infected with viruses, where the clock should be it said VIRUS ALERT! and he lost a lot of icons on the desktop and the start menu, including My Computer. AVG also found infected files.

I ran through your excellent 15 step virus removal instructions and I think the system is clean now. Everything seems to work normally.

The only mistake I made was forgetting to disable the Teatime Protection with SS&D, I hope that hasn't ruined the cleaning process.

I am posting my hijackthis, ComboFix and SAS logs for inspection to make sure.

Panda Antirootkit returned no rootkits found.

I am grateful for all feedback.

Torbjörn, Sweden

Attached Files

	Combofixlog.txt (13.5 KB, 1 views)
	hijackthis.log (11.0 KB, 4 views)
	SUPERAntiSpyware Scan Log - 08-16-2008 - 18-25-58.log (33.7 KB, 3 views)

Hi :

Usually when you see a "Virus Alert", it means you have a "Rogue" program and
the best program to deal with those is the FREE Version of "Malwarebytes'
Anti-Malware", which we usually recommend be run & available at
www.malwarebytes.org/mbam.php ; even though you ran SUPERAntiSpyware & it
found quite a bit, would be wise to be through & run the Malwarebytes program .
I noticed your Sun Java is slightly outdated, a security risk; best to have ONLY the
latest version by uninstalling ALL "old" versions, then going to www.java.com for
the Latest . Also the Adobe Reader is outdated, another security risk ; since this
program is under contant attack by malware, would be wise to uninstall it and
seriously consider the alternative "Foxit Reader", with Info at
http://foxitsoftware.com/pdf/rd_intro.php .

NOTE : Both Ad-Aware AND Spybot are no longer top antiSPYWARE programs.

Ok, thanks, I have downloaded the latest Adobe and Java updates and have removed the old ones.

I just discovered however when I changed to my sons identity on the computer that the original problems with VIRUS ALERT where the clock should be, missing icons on the desktop and lots of things gone on the start menu as My computer, Control Panel, Search and so on was still there on his identity.

My identity is ok, everything works from there, looks ok from there, and it was from my identity I did all the cleaning operations.

Got a bit nervous when I saw that... but luckily my identity still looks ok. But this must mean something bad still is in there somewhere.

What to do???

I fixed the problem with my sons identity, his desktop with SmitFraudFix

I also found out that AVG found four Trojan Downloaders in System Restore (C:\System Volume Information\_restore..........dll, one of them .exe) when it scanned overnight.

In another thread I found out that I should disable System Restore to get rid of this and then reset System Restore, this as soon as I was sure the computer was clean.

So - I would greatly appreciate if somebody with knowledge could inspect the files I attached to my first post!