Can this machine be saved?

Name: noordinaryspider
Date: June 27, 2004 at 08:08:25 Pacific
OS: Win 98
CPU/Ram: Pentium III/128MB RAM
Comment:

I posted this elsewhere, but I believe that it is a new threat; I am not a techie type, but would like to save Windows if possible or at the very least try to explain what happened to more knowledgeable folks in the hope that I can help prevent this from happening to somebody else:

My twelve year old child was sent a link through Instant Messenger on June 25 at about 6 PM; he clicked on it and no longer has a functioning computer. I believe that this is a new bug, as I have seen other posts that sound familiar on spywareinfo.com. My son has Win98 and the other poster has XP.

This is what I know:

There was a "search bar" that loaded right on top of the bottom task bar, not connected to the browser. Ad-Aware froze up and would not run, but Spybot ran. Although he had Spywareblaster installed, which has kept everything out since we downloaded it, Spybot found 13 "problems". I found a folder called "Web Rebates" in Program Files and cleaned that up. There were all sorts of shortcuts to ads on his desktop. I cleaned that up and ran Norton AV 2003. It found three Trojan horses, two of which it cleaned and one of which it quarantined. Like an idiot, I did not write down the names of them because I figured the problem was fixed. I tried to open a text file and found that NOTEPAD.exe was gone; no, not the shortcut, but the program itself.

History in IE shows an enormous collection of porn sites since 6PM, but fortunately my son says that they did not actually display.

He was up trying to fix the problem himself until 3 AM. I have been working on it myself since 10 AM. Whenever we reboot, Spybot finds PeopleOnPage HKEY_LOCAL_MACHINE\software\Envolo in the registry, so it is obviously re-installing itself. The WEB REBATES!!!! folder has also reappeared although I sent it to recycle bin. When I right-click on this folder, the machine freezes up. I was unable to get into Safe Mode until last night, when I finally succeeded using msconfig after removing three more trojans with Trojan Remover. I was then finally able to get an Ad-Aware scan done, which found another registry key modification. After deleting that, I was able to get AdWatch to run, and it went wild with modifications being made to the registry by:

Windows/System/ 2Y#N#@Q5GK@7K@

which I just renamed in RegEdit. The right-click function returned on Safe Mode and I found many, many new files in the Windows/System folder that had been created during the time since my son clicked on the link.

This post is long enough and garbled enough, since I didn't get much sleep last night, but if anyone is interested in viewing his original HiJack This log, I posted it here:

http://forums.spywareinfo.com/index.php?act=ST&f=30&t=10779

The machine was networked and is now disconnected from the internet; I would like to find out more about this problem before I give up, reformat and start fresh. My son needs the computer for school.

Thank you for your time, and please let me know if there is any other information I can provide that might be of help to others.

There are only two explanations for how I could do that with such an obsolete and underpowered computer. One is that I was too stupid to know it was impossible. The other is that she has a loving and


Response Number 1
Name: noordinaryspider
Date: June 27, 2004 at 09:23:40 Pacific
Reply:

Update: Trojan Hunter found seven more separate trojans. That makes a total of thirteen that were located with existing programs. I can no longer find the abovementioned registry key in regedit, although Ad-Watch popped up one more time after the Trojan Hunter fixes to say that it still existed and made a modification. I ran scanreg/fix in msdos mode, if this makes any sense to anyone, to try to rebuild the registry. Windows claims that it was successful, but I still can't get the right-click menu in normal mode.

One of the trojans WAS a password hacker, so I am just grateful that the computer that became infected was used by a child and did not have any information on it such as credit card numbers.

Again, this machine is needed for school and will probably be reformatted because I do not have the knowledge to fix such a major problem or the money to pay somebody else to do it for me. Please let me know if there is any more information I could provide to prevent a larger catastrophe in somebody else's life.


Response Number 2
Name: littleman
Date: July 14, 2004 at 23:51:47 Pacific
Reply:

I have a suggestion for your massively infected machine. Computer Cops is the best source for something like this, obviously, or annoyances.org. However, if you can start up Windows still, the problem is more than likely you only have one virus on your machine; these entries into various places which you have researched should give you an idea of where it lies. Try some basic ways to get rid of this, including running an IDE utility. In XP this is done by hitting F12. If this utility does pass, more than likely you are facing spyware as opposed to a virus. Also try contacting Norton; you can email them for help, which may be the best the world has to offer. If neither works, there is a common horse which has been giving a lot of people trouble out now, DSO Exploit. There are two ways of getting rid of this currently (despite the hype). Find the problem: do you have System Restore? Check your registry. Or, if it is possible, rename the program in your spyware hunting programs; for some reason (unknown to all) some utilities seem to have a problem deleting a name of a program. If all else fails, try Fresh UI, which is available free from the Fresh company. I do not recommend this, however, because although I am knowledgeable on similar situations, if it gets this bad it's obviously out of my league.
