Ok i have been removing trojans and viruses for years, i consider myself pretty good at it, i use a variety of tools mostly under a pe enviroment. but i have come across the first one today that i cant fix. either its the slickest virus ever or i am being profoundly dumb and missing something staring me in the face.
nothing in hijackthis that doesnt make sense, full spybot under winpe and full avg under pe and in windows.
it just keeps giving me popups, porn, indian radios, etc.
the only thing that might be a clue is that it renamed a bunch of files, adding a space between the filename and the dot. like alot of regular system files like
smaxpnp4 .exe <- notice the space in all of these
msmsgs .exe
sisraid .exe
etc, etc, now sisraid is not very common, i doubt the virus would target that.but i found every file with a space in the name and deleted it, strangely none of them were important.
i do have avgcc.exe
and avgw.exe
but i believe that is from the new avg network edition i just installed.
anyweays this is driving me nuts, let me know what you would like to see, there isnt much in hijack log but if you want me to attach it np.
EDIT: two things, 1, i am attaching hijack this log since of course your gonna want it
and 2) the popups only load in IE, even though firefox is deault web browser as of now. also this system is xp sp1.
nothing in hijackthis that doesnt make sense, full spybot under winpe and full avg under pe and in windows.
it just keeps giving me popups, porn, indian radios, etc.
the only thing that might be a clue is that it renamed a bunch of files, adding a space between the filename and the dot. like alot of regular system files like
smaxpnp4 .exe <- notice the space in all of these
msmsgs .exe
sisraid .exe
etc, etc, now sisraid is not very common, i doubt the virus would target that.but i found every file with a space in the name and deleted it, strangely none of them were important.
i do have avgcc.exe
and avgw.exe
but i believe that is from the new avg network edition i just installed.
anyweays this is driving me nuts, let me know what you would like to see, there isnt much in hijack log but if you want me to attach it np.
EDIT: two things, 1, i am attaching hijack this log since of course your gonna want it
and 2) the popups only load in IE, even though firefox is deault web browser as of now. also this system is xp sp1.