Need Help! Have Trojan???

i am actually confused as to what i actually have on my system.

originally i had a message that read: fatal error in IE has occured at 0028: c0011E36 in vxd vmm (01) + 0010e36. error was caused by trojan - spy.html.smithfraud.c

this appeared on a blue screen on the desktop everytime i loaded it. i found what some others had done and i followed each step, except i didn't have a file called c:\windows\system32\log files it said that file would for sure be there, but it wasn't, so i could not delete it.

after i restarted it in normal mode, the screen was no longer blue with that previous message and it is just a black screen and i can't do anything to it. my ie automatically pops up when the pc restarts and it goes to some search engine that i can't get rid of and keeps coming back after i go to a new site after changing the home page. this was actually on the pc when we got it a month ago, but we followed some directions given to us over the phone and the spy dr. thing got rid of it and all was normal.

out of no where, i was online and all the windows closed and the homepage changed to what i have now (which is what it used to be before we thought it was fixed).

i bought a spyware thing last night and it detects some things, but they come back and one thing won't go away.

now i have these messages

TrojanDownloader.Win32.Agent.bq
processID: "1236" File
c:\windows\winra32.exe others are c:\windows\atlvi.32 , c:\windows\ipgz.exe , and c:\windows\atlip.exe, c:\windows\sdkuh and more continue to pop up even as i write this.

my spyware thing says it detects those and then quaratines them. after i do a scan, these items reappear everytime"

ABetterInternet
folder: c:\documents and settings\amber_taufen\favorites\sites about

CWS.Feads
file: c:\documents and settings\amber_taufen\favorites\only sex webiste.url
file: c:\documents and settings\amber_taufen\favorites\sites about\search the web.url
file: c:\documents and settings\amber_taufen\favorites\sites about\days of free porn.url
file: c:\documents and settings\amber_taufen\favorites\sites about\unsecured bad credit loans.url
file: c:\documents and settings\amber_taufen\favorites\sites about\videos.url

(the list goes on for a while and then changes to KEY

Key:hkey_local_machine \software\microsoft\windows\currentversion\uninstall\hsa

Key:hkey_local_machine \software\microsoft\windows\currentversion\uninstall\se

Key:hkey_local_machine \software\microsoft\windows\currentversion\uninstall\sw

WebSearch Toolbar
Key:hkey_local_machine \software\microsoft\internet explorer\ activex compatibility\ (8952a998-1e7e-4716-b23d-3dbe03910972

And then there is CWS.Feads that will not go away after i do the scan

CWS.Fead
Key:hkey_local_machine \system\currentcontrolset\enum\root\legacy_ (the rest is a bunch of numbers, *, % and some little squares......it won't let me copy and paste so i can't write them on here.


CAN ANYONE PLEASE HELP ME?

 

i don't know what that is.......what is a hijack log? does that mean that i just need to post this message somewhere else?

 

Just out of curiousity, what anti-spyware app. did u purchase?


snowbound

 

i bought etrust Pest Patrol anti-spyware 2005

it says that the items are quarentined, but i scan just seconds after and they are back again. it said that it can't get rid of the cws.fead one. it got rid of the other 45+ things that were on there last night and they don't return

 

CWS has many variants with which some are very hard to ge rid of so your best bet, as Ronjor said, is to post a HJT log at one of those sites and the experts there will help u cleanup your system.


snowbound

 

well, i have already gone to the site he suggested and i will see what happens. thanks!

does anyone know why the same thing would come back on our pc after being gone for 3 weeks?

 

U might want to read this to help prevent further infection,

http://castlecops.com/postlite7736-.html


snowbound