Another Brastk victim
#21
Thanks Mike. I'll definitely look into those programs. Looks like there are more and more coming down with the infection. This thing is spreading like wildfire.
I'm running my other safemode scans right now and will post the logs when I'm finished.
Last edited by AsonJ27; 11-13-2008 at 11:18 AM.

#23
Here are the MBAM logs from my safemode scan.
hijackthis - 5 (Safe Mode).log
mbam-log-2008-11-12 (19-00-48) Safe Mode.txt
Now I'm going to reboot into safemode and run SAS and post logs.

#24
OK Man
I think you have but recheck Back to normal mode.
Because it found and cleaned items then you need to run MalwareBytes until it comes up clean. Same for SAS.
Run HJT last, post all logs.
Mike

#25
Ran all scans again in normal mode until they came up clean.
Here are the logs.
hijackthis - 6 (Normal Mode - Final).log
mbam-log-2008-11-14 (09-15-04) Normal Mode Final.txt
SAS found nothing in any of the last three scans.
Everything has been running normal, except for a couple warnings yesterday from Norton that mentioned that IEDefender was caught and fixed. Could I still have a piece of something that's trying to download this?

#26
Hi Jason
OK, later, as you run mbam and sas every 2 weeks or so, once one comes up clean no reason to run it more in that session.
Quote:
Do this:
Reboot, open nothing else.
Download SD Fix to Desktop. Among other things it runs GMER and Catchme to look for RootKits.
http://www.downloads.andymanchesta.c...ools/SDFix.exe
or
http://download.bleepingcomputer.com...esta/SDFix.exe
On Desktop run SDFix. It will run (install) then close.
Then reboot into Safe Mode:
As the computer starts up, tap the F8 key several times.
On the Boot menu choose Safe Mode.
Click through all the prompts to get to desktop.
At Desktop: My Computer, C: drive. Double-click to open.
Look for a folder called SD Fix. Double-click to enter SD Fix.
Double-click RunThis.bat. Type Y to begin.
SD Fix does its job.
When prompted, hit the Enter key to restart the computer.
Your computer will reboot.
On normal restart the Fixtool will run again and complete the removal process, then say Finished.
Hit the Enter key to end the script and load your desktop icons.
Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Copy and paste the Report.txt file to your next post.
----------------------------------------------------------------------
Reboot again and do nothing but this.
ComboFix
NOTE: If you have had ComboFix more than a few days old, delete and re-download.
Get it here: http://subs.geekstogo.com/ComboFix.exe
Or here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double click combofix.exe and follow the prompts.
When finished, it will open a log.
Attach the log and a new HJT log in your next reply.
Note: Do not click combofix's window while it's running. That may cause it to stall.
This will take some time!!!!!!!!
Mike

#27
Thanks
I'm about to complete your steps.
FYI, I just ran XsoftSpy and found an "AceSpy" infection. It feels like I'm wide open and something is exploiting some open port. Any ideas?

#28
Let's see the results from these 2. Xsoft is good but finds a lot of false positives, especially on a computer that has some cleanup tools.
I advise these:
I have been using ThreatFire for more than a year; it just went from ver 3 to ver 4. It was designed to co-exist with other Virus scanners. Additionally it uses a totally different process to protect. While conventional Virus scanners work from definitions, ThreatFire works on recognizing Virus/Malware activity. It's like looking at it with 2 sets of eyes and from a different angle.
http://www.threatfire.com/Download/
Look at http://www.javacoolsoftware.com/spywareblaster.html
Run SpyBot occasionally and use the Immunize function.
Hostman http://www.abelhadigital.com/2008/07...-released.html
Mike

#29
Mike, FYI,
SDFix & ComboFix include CatchMe by GMER. Neither tool runs gmer.exe.
The few boards I've checked, I have not found out much about using it (gmer.exe). It is analyzed by "trained" specialists.
Rich

#30
You are right, I knew that. I guess I mentally associated CatchMe with gmer when I wrote my template.
Thanks for keeping an eye on me, I need it for sure. At 64 years old I have some CRS, plus I have forgotten more about computers than a lot know. In fact quite often I don't think I know something at first but in delving in it comes back.
Thanks,
Mike

#31
Sorry I'm just now checking back in, but my infection was on my work computer.
I'll run ComboFix and XSoft and post logs in a bit.
Guys, thanks again for all of your help. It looks like this virus is keeping you VERY busy.