Lisa

This seems to be a new infection doing the rounds at the moment. Look in
your HJT log for this entry:

O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe

If it's there, that will be the re-infector. Get a sample of it to Nick for
his definitions. In the meantime, if you start a topic at Geeks to Go called
FAO: Daemon, with a HJT log posted, I'll clean your system.

http://www.geekstogo.com/forum/Malwa..._Here-f37.html


"Lisa Simpson" <none@none.com> wrote in message
news:4593294e$0$8915$4c368faf@roadrunner.com...
>I would if I could, but I cannot get the offending files to reveal
> themselves no matter what I do; all I get to see is the fact that
> secure32.html keeps being set as the default IE page. HJT sees it &
> allows
> me to "fix" it, but a rescan immediately after doing so shows it right
> back.
> Doing everything in safe mode as administrator brings brief relief, but as
> soon as you reboot it's right back. A real bugger, this. I think I'll
> just
> reformat/reload . . .
>
> "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
> news:1167240221.916142.284960@i12g2000cwa.googlegr oups.com...
>>
>> Lisa Simpson wrote:
>> > Anybody got a sure fire way to remove this pest? I've tried
>> > hijackthis,
>> > ewido, superantispyware, panda antivirus, xoftspy, avg, & manual
> deletion
>> > from the registry, and it just keeps coming back
>>
>> Submit me a diagnostic using the link below from the infected machine
>> and I will see why we didn't remove it - I don't know of any variants
>> we don't currently remove, and if this is one, I will update our
>> definitions right away.
>> http://www.superantispyware.com/diag....html?id=nicks
>>
>> I would also be careful about using any "batch files" that just delete
>> the files without signature verification and/or quarantining.
>>
>> Nick Skrepetos
>> SUPERAntiSpyware.com
>> http://www.superantispyware.com
>>
>
>
>