Thread: Owned by Spyware!! Please Help?

  1. #16
    Join Date
    Sep 2006
    Posts
    19
    I kept trying to get in safe mode - on the 5th time, I just ran ewido in normal mode - I was informed that safe mode is the safest way, so presumed if safe mode wasn't working then I'd have to run it without it?

    I rebooted again and managed to get into safe mode, which is when I ran ewido again.

    I took your instructions to paste that file and I did that.

    When I downloaded fixwareout, I didn't see any concrete instructions on how to run it, so I am not sure if I posted the full log?

    I fixed all the hjt entries you told me but they still seemed to come back?

    The 'last instructions' I referred to were:

    "Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal."

    The sticky on here is quite confusing to non techy people - it appears to consist of a lot of info, but doesn't give a definitive order in which these steps should be taken. It mentions hiding ops and enabling hidden files but doesn't tell you exactly when you should do it? I'm probably wrong but that's the way I'm reading it!

    I've just run http://virusscan.jotti.org/

    Here's the info
    Service load: 0% 100%

    File: cseix.exe
    Status: INFECTED/MALWARE
    MD5 4ec349a0d45a6ee6b8c2e0dbd9b83886
    Packers detected: PE-CRYPT.POLYCRYPTA
    Scanner results
    AntiVir Found Heuristic/Malware (probable variant)
    ArcaVir Found nothing
    Avast Found Win32:Agent-AVO
    AVG Antivirus Found Downloader.Agent.FCQ
    BitDefender Found Trojan.Downloader.Mohbpork.A
    ClamAV Found Trojan.Downloader.Agent-657
    Dr.Web Found Trojan.DnsChange
    F-Prot Antivirus Found Possibly a new variant of W32/SecRisk-ProcessPatcher-based!Maximus
    Fortinet Found W32/Agent.UJ!tr.dldr
    Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Agent.uj
    NOD32 Found a variant of Win32/Small.FB
    Norman Virus Control Found nothing
    UNA Found nothing
    VirusBuster Found nothing
    VBA32 Found Trojan.DownLoader.10960


    I'm sorry, I've had malware problems before but this one seems ridiculously complex, particularly as my PC wouldn't even allow me to run safe mode for so long. I appreciate what you're doing massively though.

    Progress UPDATE - I ran fix although the only log that appears is yesterday's and I can't locate any more for fix?

    I rebooted in safe mode then ran ewido. It cleaned the agent uj trojan, here's the report;
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 10:32:10 09/08/2006

    + Scan result:



    C:\WINNT\system32\cseix.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).


    ::Report end

    I am now able to run adaware (which is clean) and the speed of my surfing has improved!

    Well done you!

    I have since tried that jotti scan and the CSEIX.EXE file you asked me to locate cannot be found - I presume this is a good thing?

    Do I run hjt in safe now? I'm so damn confused! I'll await your instructions.

    Thanks a million for your patience!
    Last edited by spyware_victim; 09-08-2006 at 05:02 AM.
