Please Help me !

[SleepyXtreme]

So i got this really bad spam virus and i don't know how to get rid of it.

basically what it does is it has a pop up window that doesn't have a tasbar slot. it's just a floating window with ads in it.

I tried every single program to get rid of it and they don't work.

Now i'm trying to use autoit to maybe find out where it's coming from.

All the info i got is that its class is TN_BROWSER

anyone know what this means?

EDIT: OMFG, I USED GETPROCESS AND WHATNOT TO SEE WHERE IT'S COMING FROM AND IT SAYS EXPLORER.EXE! I'M SO SCREWED anyone know how i further investigate?

Edited July 30, 2007 by SleepyXtreme

[GMK]

Have you tried Spybot Search & Destroy or AdAware?

Edited July 30, 2007 by GMK

[Infinitex0]

Well, just because it says explorer.exe doesn't necessarily mean it is the explorer.exe I've seen viruses that have the process name explorer.exe I suppose you could try any of the above software links.

[Lynix]

  Quote

anyone know how i further investigate?

Format C:

Don't worry that it show's something with Explorer.exe. Normally you can repair everything with your Windows-Installation-CD.

Do you have an updated Scanner?

Edited July 30, 2007 by Lynix

[DW1]

use a program called, Hijackthis to create a log of your pc. Submit this log to any of the many free hijackthis forums out there for further assistance

[Info]

Kaspersky Anti-Virus ---> The best one.

[SleepyXtreme]

I've used all of those, it's not detecting it.

Best program there is is hitman pro. it an autoit lover's dream for virus scanning. it goes through 3 or 4 scanners. it downloads, installs, and scans and fixes.

[lordofthestrings]

hitmanpro is one of the better AutoIt demonstrations..

(written completely in AutoIt.)

[qazwsx]

If those don't work you could get process viewer. And then see if explorer.exe is running twice. And then get the source of the fake explorer.exe and fix it manually.

[smashly]

SytemInternals ProcessExplorer..

At least with it you can actually close handles from threads that are running..

This way you can hopefully terminate the entry point and rectify the problem while the system is running.

What OS are you running?

If it's NT based is your user account a primary built in admin account? (not good if so)

Booted into safe mode to run your scans?

Have you compared your explorer.exe against a verified explorer.exe for path, version, crc, signature.. etc?

If your using XP have you got SFC on or off , Using System restore (hope not)?

.....

[ashley]

follow the path it give u and delete it

[Bert]

PM me with all the info you have, and I will help you clean it. I do stuff like this all the time for folks.

I will need the log when you run hijackthis. include it as a attachment.

Also, what OS are you running? You may be able to run a System restore unless the infection has trashed the restore folder.

[DW1]

@Volly, I already tried to get him to submit a hijackthis log, and he didn't do it. I use the same method for virus removal for other people.

[Bert]

Well, I can lead him to the water, but if he doesn't want to drink, that is his choice. He did start this thread after all

[SleepyXtreme]

Sorry, i work at night so i only get to look at the forums when i get home.

I'll pm you the results volly .

also, i'm on xp pro