Here's the background on the problem.
Computer: Custom-built (Jan 2006), Intel Celeron CPU 2.53 GHz, 736MB RAM, XP Home SP3
Users: Chuck (admin), Joey (limited), Lucy (limited), Teresa (limited), Guest (limited)
Browsers: IE7, Firefox 3.6.2, Google Chrome 4.1.249.1042 (Chuck only)
Situation:
Lucy was viewing Facebook pages on the afternoon of 03/26/2010 using Firefox when program boxes started opening, warning her about possible virus attacks. She called Chuck, who looked at the boxes which resembled Windows Security Center but referred to "XP Security" and talked about registering and installing updates to cure the attacks. Looked fishy to Chuck, who closed the boxes with the upper-right-corner x close. On another computer, Chuck googled "xp security" and came up with many references to "xp security center" as malware/scareware. The references stated that Malwarebytes' Anti-Malware could fix the problem. Chuck downloaded M-A-M on the problem computer under his admin login, installed it, and ran it, yielding the first M-A-M log attached (mbam-log-2010-03-27...). Chuck logged onto Lucy's account and relaunched Firefox. Again the malware program boxes opened, along with an icon in the system tray similar to that of Windows Security Center, warning of vulnerability to attack. Soon thereafter, AVG9 opened (Resident Shield?) and warned of trojan horses present and being quarantined. Chuck logged off from Lucy's account and left the computer untouched for the rest of the day.
The next morning (03/27/2010) Chuck logged on his admin account, ran AVG9 full scan, which found 2 trojan horses. Chuck moved these to the virus vault, then logged onto Lucy's account and found that none of the programs would start from the quick launch bar (Firefox) nor from the start menu -- the Windows "Open With" program box would launch, listing the selected program's exe file and asking what program to use to open the exe with. Chuck realized that the problem was far from solved (!!!). Chuck shut down the computer and told the other users not to mess with it. However, that evening Teresa apparently used the computer with no problems in her user account. Hence the infection seems to be confined to Lucy's user account.
On 03/28/2010 Chuck followed the 8-step process to yield the attached logfiles. Chuck also transcribed the AVG9 virus vault listings into a txt file, which is also attached for informational purposes.
This thread is being sent now from the problem computer under Chuck's admin user account.
I (Chuck) would appreciate all the help you can offer to clean up this situation. I look forward to your responses. Thanks in advance for your help.