It all began with the Trojan Downloader -2388 A.K.A JS_Wonka and Trojan.Downloader.JS.Small.dn. I've tried to get rid of it but just can't, mainly because the only thing that traces it is ClamWin. I've scanned it with Spybot S&D, AVG Rootkit, AntiVir, Adware 2007, Counter Spy and still get nothing. Here is the first log with ClamWin:
Scan Started Sat Jan 05 09:03:26 2008
---------------------
WARNING: Can't open file \\?\C:\Documents and Settings\Johnny\Local Settings\Temp\hsperfdata_Johnny\2396, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Johnny\Temporary Internet Files\Content.IE5\KMO9KZ65\s%2526search_query%253Dmugen%252520cheap%2526search_sort%253Drelevance%2526search_category%253D0%2526search%253DSearch%2526v%253D%2526uploaded%253D%2526filter%253D1%2526page%253%253.ŒÌ”Ì”/@@, No such file or directory
WARNING: Can't open file \\?\C:\Documents and Settings\Johnny\Temporary Internet Files\Content.IE5\XABTD24A\s%2526search_query%253Dmugen%252520cheap%2526search_sort%253Drelevance%2526search_category%253D0%2526search%253DSearch%2526v%253D%2526uploaded%253D%2526filter%253D1%2526page%253%253.ŒÌ”Ì”/@@, No such file or directory
WARNING: Can't open file \\?\C:\hiberfil.sys, Permission denied
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
Scanning aborted...( I clicked cancel by mistake :P )
C:\Documents and Settings\Johnny\My Documents\My Completed Downloads\frostwire-4.13.2.windows.exe: Adware.Fakealert-21 FOUND
C:\Documents and Settings\Johnny\Temporary Internet Files\Content.IE5\UJM56TQH\translate_c[3].htm: Trojan.Downloader-2388 FOUND
C:\Program Files\FrostWire\Uninstall.exe: Adware.Fakealert-21 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 187066
Engine version: 0.91.2
Scanned directories: 5695
Scanned files: 72412
Skipped non-executable files: 1275
Infected files: 3
Data scanned: 33653.70 MB
---------
Cancelled
---------
I then cleaned my system with CCleaner, getting rid of all my cookies, Temp Internet stuff, etc., and scanned it again. Now ClamWin didn't pick up the Downloader and just left the Infected Frostwire message. So I hunted the two down and removed then deleted Frostwire and Frostwire uninstall. Also, while I was scanning the second time AntiVir found a new threat called "EXP/MS06-001.WMF", also known as EXPL_WMF.Gen.
Is there any way to fix this?
Also, as a side note I ran Spybot again and one of the things it found was a file called "Trojan Guarder", which leads me to believe that the Trojan Downloader is still tucked away in my system, that and the fact that new threats are coming up.

Trojan Downloader
http://www.google.com.au/search?hl=...
I use this, run ClamWin after a reboot & use google to find fixes for what remains.
BOClean
http://www.comodo.com/boclean/bocle...
Forum
http://forums.comodo.com/index.php

OK, here's my ClamWin log.
Scan Started Tue Jan 08 13:20:15 2008
---------------------
WARNING: Can't open file \\?\C:\Documents and Settings\Johnny\Local Settings\Temp\hsperfdata_Johnny\2240, Permission denied
WARNING: Can't open file \\?\C:\hiberfil.sys, Permission denied
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\SoftwareDistribution\EventCache\7D08C80F-BB08-4DA9-8EA0-A840DEAA65E7.bin, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\system32\drivers\sptd.sys, Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 190689
Engine version: 0.91.2
Scanned directories: 8214
Scanned files: 84544
Skipped non-executable files: 807
Infected files: 0
Data scanned: 45560.56 MB
Time: 20486.658 sec (341 m 26 s)
---------
Completed
---------
And I didn't get a report from the other cleaner you suggested, though by the looks of it, it would seem that it was made to stop stuff from getting downloaded rather than act as a scanner. I tried looking up the solution on Google with the link you provided but still found nothing.
So did I somehow get rid of it? I'm pretty skeptical that all I had to do was delete my Frostwire and some Temp internet files + cookies to get rid of a Trojan Downloader and all the little friends that it brought with it.
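Added example, not part of the original thread: one way to compare two ClamWin reports like the ones posted above, showing which detections no longer appear, which files the later scan could not open, and whether both scans actually ran to completion. The sample logs are constructed by abbreviating the two reports in this thread; the function names are illustrative.

```python
import re

# Constructed sample input: abbreviated from the two ClamWin reports in this thread.
FIRST = r"""WARNING: Can't open file \\?\C:\hiberfil.sys, Permission denied
C:\Documents and Settings\Johnny\My Documents\My Completed Downloads\frostwire-4.13.2.windows.exe: Adware.Fakealert-21 FOUND
C:\Documents and Settings\Johnny\Temporary Internet Files\Content.IE5\UJM56TQH\translate_c[3].htm: Trojan.Downloader-2388 FOUND
C:\Program Files\FrostWire\Uninstall.exe: Adware.Fakealert-21 FOUND
---------
Cancelled
---------"""
SECOND = r"""WARNING: Can't open file \\?\C:\hiberfil.sys, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\system32\drivers\sptd.sys, Permission denied
---------
Completed
---------"""

FOUND = re.compile(r"^(.+): (\S+) FOUND$")
# The optional group strips the \\?\ long-path prefix ClamWin prints in warnings.
WARN = re.compile(r"^WARNING: Can't open file (?:\\\\\?\\)?(.+), ([^,]+)$")

def parse(text):
    """Return detections, unreadable files and final status of one ClamWin log."""
    rep = {"found": {}, "unreadable": {}, "status": "unknown"}
    for line in map(str.strip, text.splitlines()):
        if m := FOUND.match(line):
            rep["found"][m.group(1)] = m.group(2)      # path -> signature name
        elif m := WARN.match(line):
            rep["unreadable"][m.group(1)] = m.group(2)  # path -> reason
        elif line in ("Completed", "Cancelled"):
            rep["status"] = line.lower()
    return rep

def compare(before, after):
    """Summarise what the later scan does and does not show relative to the earlier one."""
    b, a = parse(before), parse(after)
    return {
        "no_longer_detected": sorted(p for p in b["found"] if p not in a["found"]),
        "still_detected": sorted(p for p in b["found"] if p in a["found"]),
        "new": sorted(p for p in a["found"] if p not in b["found"]),
        # Files the later scan could not open were never checked at all.
        "not_scanned": sorted(a["unreadable"]),
        # A cancelled scan only covers what it reached before stopping.
        "both_complete": b["status"] == a["status"] == "completed",
    }

if __name__ == "__main__":
    for key, value in compare(FIRST, SECOND).items():
        print(key, value)
```
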

Use HiJackThis to track down or check for possible infections.
Here is all the info needed to empower yourself, anything / nasties you are not sure of, put into a search engine like GOOGLE.
Read these links 1st, they show what to do, step by step before using HiJackThis.
http://www.wilderssecurity.com/show...
http://forums.maddoktor2.com/index....
Windows XP Cleaning Procedure
http://forums.majorgeeks.com/showth...
Vista Cleaning Procedure
http://forums.majorgeeks.com/showth...
Or,
5 Step Process
http://www.techsupportforum.com/sec...
Important: Create a specific folder on your hard drive called HijackThis to keep its backups.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HijackThis. Download and unzip HijackThis.exe into this folder.
http://www.trendsecure.com/portal/e... Or,
http://www.merijn.org/downloads.html Or, http://tomcoyote.com/hjt/ Or, http://www.spywareinfo.com/~merijn/...
If possible run HJT in Normal mode (not Safe) with all your normal startups working.
HijackThis Tutorial - How to Analyze your own log.
http://spywarewarrior.com/viewtopic...
http://hometown.aol.co.uk/jrmc137/h...
http://www.bleepingcomputer.com/tut...
http://www.malwarehelp.org/understa...
http://www.extradisambiguator.co.uk...
HijackThis log file analysis ( online )
http://hijackthis.de/index.php?lang...
Malware Prevention: Prevent Re-infection
http://wiki.castlecops.com/Malware_...

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.