cant get rid of these damn viruses

these viruses are affecting both my logins for win xp home, but one suffers alot more than the other. I can see that 3 programs have been installed on the comp, all with weird names, from what i can tell the one keeps loading forms that i cannot close, it does this until all resources are taken up and the comp is unuseable. My browser has been hijacked and every page connected with IE settings, e.g. startpage, searchpage have been changed. I have tried using a virus program (antivirxp), hijackthis, ad aware, spybot S&D CW shredder, but all fail to get rid of the viruses. When i did the virus check with antivir it detected somewhat 30 trojans but all could not be deleted because some were in archives or something. Also even more annoyingly on the login profle that is most affected the desktop background has been changed to some sort of html page that has some text about spyware and directs me to a site about a getting rid of files on ur comp, also somehow all of the programs etc. in the recycle bin have been hidden and when i try to delete things it tells me that there are 19 items to delete, i click delete and exited out of the recycle bin, but it still showed that the bin had items in it so i went back in and clicked on empty and it still said there wee 19 items in the bin? so somehow i cant delete any files, and just recently i tried to acces google and it couldnt find the website requested, but the internet is still working because i could go to my hotmail inbox through via msn messenger, so somehow the viruses have disabled access to the web through IE. I havent got a clue what to do

 

Have you tried running your av in safe mode, if it detects anything it might be able to delete them in safe mode.

bigc

 

how do i run antivir in safe mode ? also im not sure how to get this laptp to start in safe mode, it just boots to windows straight away

 

Safe mode,

http://www.computerhope.com/issues/chsafe.htm

Once you're in, just run your AV and see if u can delete the malware.

Another option is to try our General Cleaning Instructions,

https://www.wilderssecurity.com/showthread.php?t=50662



snowbound

 

k tried the safe mode thing, didnt really help i dont think, most of the things are in archives that cant be deleted. These are some of the names that came up, classloader[1].jar, classload[2].jar, classload[3].jar, classload[4].jar, freemovies[1].jar, loaderadv314[1].jar, loaderadv410[1].jar, loaderadv467[1].jar, loaderadv467[2].jar, loaderadv453[1].jar, loader493[1].jar, all of these said "archive contains one or more infected files and could not be deleted".

 

Turn off your System Restore, reboot, do another scan and let us know if the malware is still present.

If your not sure, here's how to disable it,

http://www.pchell.com/virus/systemrestore.shtml



snowbound

 

shall i do the general cleaning thing ?

 

Try what i suggested in my last post first. If not successful go ahead with the General cleaning instructions. I have a hunch disabling System Restore will clear some of them.



snowbound

 

just finished the first go at doin the cleaning, cant do the virus test online thogh cuz i keep gettin IE errors and hav to close.

 

This issue has been seen with some computers, try the other link in the same step, you will see other online scanners.

Cheers

 

ive done the general cleaning thing 3 times now, i think it has gotten rid of some stuff, but some of the stuff is still there including the browser hijack that i cant get rid of, some f the virus names i gt off the scanner are, JS/open connect.J.3, TR/Forten.Java.2.B, Java Byte Verify, TR/Dldr.openconn.F and Dldr.P-Woods.2, i still cant see any items in the recycle bin and am unable to delete them, and these applications are still on my comp, also in my windows/systems32 folder. U can see the bad apps in the attachment. gjhjhkl, jgkn, sxfghkjkh

 

k i know the 3 bad applications in the screen shot are called, winhost.exe, ibs.exe, and guard.exe.

 

Hi Maxedracer, as General Cleaning hasn't been able to resolve your issue, you will need to download and run “Hijack This” found here and post your log at one of the forums found at A-SAP.

The two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

Once your system is clean I would suggest taking a look here: Why did I get infected in the first place? Also, for further discussions on security and how to make your system that much stronger, see here and here

Cheers

Blackspear.