Hi I somehow managed to catch a virus I can't get rid of. It has screwed up my control panel. I can easily access the control panel folder, but I can't open any of the shortcuts, and when I right-click them, all I get is "open" and "create shortcut". I also do get annoying pop-ups that seem to be some sort of windows executable. POW doesn't see them. I didn't get those before the virus attacks. AVG Anti-Virus recognized the virusses as: Trojan horse Downloader.Small.6.BA, but it looks like AVG got rid of that one ok. The other one is named: Dropper.Inor, it has been moved to "virus vault". I've run Ad-Aware, SpyBot, SpyWareBlaster and EasyCleaner, but none of those seems to be able to get rid of it. And AVG says my system is clean. So my question is: Is there some way to clean up all the mess the virusses has left me with, and restore my control panel, or do I need to do a format c? Oh, and I've run all the latest updates from Microsoft BEFORE I got the virus. Any help would be appreciated! Thanks

Stubgaard: Did you disable System Restore (dumps the restore points) and reboot? Viruses love to hide in SR. Then go back and rescan your PC--in Safe Mode--with AVG and the rest of the utilities you mentioned. It's a pain in the butt, but trust me, it needs to be done. System Restore files cannot be accessed (therefore cannot be cleaned) while SR is running. Solarian

I have downloader.small.6.ba (detected by AVG) but it can't move it to the virus vault. I have tried disabling system restore and restarting in safe mode, but then when I run AVG, I get "Driver (CORE) not found winerr=2. When I went to C:/windows/msopt.dll (the infected file), a window popped up telling me I have a virus and to run AVG (but of course, AVG still can't deal with it). I am tempted to go back into safe mode and try to rename the file, then delete it, but I really have no idea what I'm doing. Maybe I can't or shouldn't delete the file. Any advice? -Delzen

I also have the downloader.small.ba (tonight) The AVG said it healed it, it reapears... I found and erased the javaaq.dll that a program* warns me is new, and it seems to stay gone, yet I get warnings that 'it' is trying to charge my start page...and I just saw an unwanted page, (1st). I am not sure what advice to follow but plead for help, to narrow the advice down. The program that is keeping the effects at bay, is *Winpatrol, (great "last gasp guard dog" free program, that shows alot of info and asks if changes are wanted... But there is the hidden origional file...(I could not find my msopt.dll, to mess with),(in my almost totally amaturish ways... (I doubt it would erase)...my third virus...and all in a month. Learned finally not to stray. (Advice worked on others). Perhaps I am just being constantlty reinfected...after winpatrol temp. fixs.

I just fought a long battle with downloader.agent.BA. 1st. It kills your AVG core so it will not run. You will have to re-install AVG when you get done. 2nd. The file is randomly named, so you have to note what it is called when AVG detects it. 3rd. You can only delete the file after you remove the Read Only attribute, and you can only do that from a command window. 4th. It writes a line in your registry to enable itself as follows: AppInit_DLLs: C:\WINDOWS\System32\xxxxxxx.dll where xxxxxxx.dll was the filename in my instance. There are 2 ways to fix this, hard and harder: ;^) The hard way is to download the newest (1.98) version of Hijackthis and run it. It will show the AppInit_DLL as an O20 line and you can check it to remove it. You can then use a copy of FINDnFIX to move the file to a junkxxx directory. The harder (manual) way is to open regedit (Run->regedit), back up your registry (file->export->[bkupname]) and then search for the filename (Edit->find->[filename.dll]) and and delete only that value (not the key). Then, you can re-boot, open a command window, change to Windows\system32 and remove the read-only attribute (attrib -r [filename.ext] Then, you should be able to delete the file (del [filename.ext]) and close the command window and re-boot. Re-install AVG, update the virus definitions, and scan. Also update Adaware & Spybot S&D and scan with them. There is a discussion of this process, with my HJT logs on the Computer Cops site here: http://www.computercops.biz/postt56397.html