Howard,

I believe the InCD BAK folder still being there may have been my mistake. After I uninstalled Nero and verified that I "could' start in Safe Mode, I never went in and removed the InCD BAK folder. I thought the uninstall would have done that, so I didn't! My mistake.

OK, there was no InCD.exe file, but I found the BAK directory and deleted it. Here's my awf.txt file.

Attached Files

awf.txt (569 Bytes, 2 views)

That`s now clean.

Your HJT log also appears to be clean.

However, in the interests of safety, I`d like you to do the following in order to make sure you have no other nasties lurking on your system.

Go and read the [b][URL="http://www.techspot.com/vb/topic58138.html"]Viruses/Spyware/Malware, preliminary removal instructions.[/URL][/b] Follow all the instructions exactly.

Post fresh [b]HJT[/b], [b][color=red]AVG Antispyware[/color] and Combofix logs as [color=blue]attachments[/color][/b] into this thread, only after doing the above.

[b]Also, let me know the results of the Panda Antirootkit scan.[/b]

Regards Howard

[color=red][b]This thread is for the use of[/color] lemkorusyn [color=red]only. [color=blue]Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our[/color] [URL="http://www.techspot.com/vb/menu28.html"]security and the web forum[/URL].[/color][/b]

Howard,

Wow! That took quite some time, but I followed the instructions to the letter and have finally finished. I have attached the log files for HJT, AVG Antispyware, and Combofix. The results of the Panda Antirootkit scan showed ZERO rootkits found.

Let me know if there is anything else I need to do!

Michael

Attached Files

	hijackthis.log (12.1 KB, 1 views)
	Report-Scan-20071016-003416.txt (688 Bytes, 1 views)
	ComboFix.txt (11.0 KB, 1 views)

Delete all files in AVG Antispyware quarantine.

Your log files are clean.

[b]Turn off system restore.(XP/ME only)[/b] See how [URL="http://www.bleepingcomputer.com/forums/tutorial56.html"]HERE[/URL].

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard

[color=red][b]This thread is for the use of[/color] lemkorusyn [color=red]only. [color=blue]Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our[/color] [URL="http://www.techspot.com/vb/menu28.html"]security and the web forum[/URL].[/color][/b]

Howard,

I did as you said and turned off and back on the system restore feature. I also created a restore point that I could name myself so I have something to go back to if needed.

You have been a GREAT help to me! This is the most I've ever had to do to remove a virus from my machine. Quite frankly, I don't know how it got on my machine. My kids all swear they didn't download and install anything (who can be sure? ) I have McAfee AV and it's worked wonderfully for many years ... until this Downloader-BEW virus. If you have any information on how this virus might have gotten past my firewall + McAfee AV I'd love to know.

Michael

I don`t know exactly how your system became infected, but I can guarantee it was due to user action.

Read this thread [URL="http://www.techspot.com/vb/topic31474.html"]HERE[/URL] for info on keeping your system more secure.

Regards Howard

[b]This thread is now closed:[/b] If you need this thread unlocking, please pm a moderator with a link to the thread.

[color=red]Only the original thread starter can do this. Anyone else, will be ignored.[/color]