Can anyone help?

  mrbigt 21:52 30 May 2005
Locked

I have a severe problem. My computer has been infected with a worm/trojan. It has hidden the system 32 folder (so no manual editing) and prevented me from using regedit or antivirus scanners (except for Panda, which does not pick it up). The NOD 32 AMON thinks that it is an IRC/SdBot, but it keeps replicating all the infected files, all in windows\system 32. I cannot get rid of it, and have tried manual removal (not possible, as I have mentioned) and a plethora of removal tools.

Also, right clicking or trying to delete certain files (Dawn of War launcher, Acrobat) seems to reset explorer.
Anyone have a good idea as to what is going on?
Thanks.

  stalion 21:54 30 May 2005

If xp scan with this in safe mode
click here

  VoG II 22:27 30 May 2005

Possibly click here

Try an online scan click here

  mrbigt 22:32 30 May 2005

The safe mode scan just appeared to pick up a few cookies.
Nothing in System 32, however.
I forgot to mention- it removed the system tools section of start\accessories as well as windowsz system32.
Removed? Perhaps hidden.
I'll try another scan.

  mrbigt 22:35 30 May 2005

Thanks VoG. I'll try that as well.

  VoG II 22:46 30 May 2005

And click here courtesy of Nellie2.

  woodchip 22:47 30 May 2005
  Number 7 23:55 30 May 2005

Have a read through this thread- particularly the responses from ATNO/TW. click here

Ignore the last posts by ham_bone43.


You can download HijackThis here: click here

Post the log to this forum: click here

  mrbigt 11:51 01 Jun 2005

Thank you Number 7. I'm waiting for a reply from the malware removal forum.

  mrbigt 22:04 02 Jun 2005

Thanks everyone. I'm just sorting out the final few things...

Thank you
Mr Big T


"I AM the fool..."

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

HP Envy x2 review: Hands-on

Iconic New York graphic designer Milton Glaser on his uplifting new subway posters

New iMac Pro release date, UK price & specs rumours

Comment suivre le parcours du père Noël ?