Hi, the win32.brontok thing downloaded onto my computer and I closed the browser, only to find that I couldn't open it up again. When I opened it it would change the home page to a warning and it asked me to download security protection. Then a few seconds later it shut down. (I didn't click anything or download anything) AVG Free did not find anything, but Malwarebytes did and I have a log if you want me to post it. Also, every few minutes a warning would pop up saying that Windows Firewall detected win32.brontok and it could not fix the problem but I could download something that did. (I didn't download it.) Now it's been about 2 hours and I've just been doing scans, I can get online fine now for some reason, but I want to make sure this thing is gone.

Post malwarebtyes log. -------------------------------------------------

Malwarebytes' Anti-Malware 1.37 Database version: 2234 Windows 5.1.2600 Service Pack 2 6/5/2009 4:54:57 PM mbam-log-2009-06-05 (16-54-57).txt Scan type: Quick Scan Objects scanned: 85831 Time elapsed: 12 minute(s), 39 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\Documents and Settings\Rose H\Application Data\Google\Shell32.dll (Trojan.FakeAlert) -> Delete on reboot. Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nah_Shell (Trojan.Hanam) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: c:\documents and settings\Rose H\application data\Google\Shell32.dll (Trojan.FakeAlert) -> Delete on reboot. c:\documents and settings\Rose H\application data\Google\afuya1119762.exe (Trojan.FakeAlert) -> Delete on reboot. C:\Documents and Settings\Rose H\nah_itvd.exe (Trojan.Hanam) -> Quarantined and deleted successfully.

1) Can you please post your AVZ log: Note: Run AVZ in windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again. Make sure you have your web browser open in background before following the steps below. i) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder. ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice. iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open. Note: If you are running Windows vista launch AVZ.exe by right clicking and selecting Run as Administrator. You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click. begin ExecuteStdScr(3); RebootWindows(true); end. Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here. Image Tutorial 2) Can you also make a new HijackThis log and upload it to rapidshare.com. HijackThis: Here -------------------------------------------------

http://rapidshare.com/files/2414921... http://rapidshare.com/files/2414940...

Follow these Steps in order numbered. Don't proceed to next step unless you have sucessfully completed previous step: 1) Run this script in AVZ like before, your computer will reboot: begin SetAVZGuardStatus(True); SearchRootkit(true, true); QuarantineFile('C:\Documents and Settings\Rose H\Application Data\Google\afuya1119762.exe',''); DeleteFile('C:\Documents and Settings\Rose H\Application Data\Google\afuya1119762.exe'); BC_ImportDeletedList; ExecuteSysClean; BC_Activate; RebootWindows(true); end. 2) After Reboot. Attach a Combofix log, please review and follow these instructions carefully. Download it here -> http://download.bleepingcomputer.co... Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it. Now, please make sure no other programs are running, close all other windows and pause Antivirus/Sypware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) until after the scanning and removal process has taken place. Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal. You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed. Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please upload that file to rapidshare.com and paste the link here. -------------------------------------------------

http://rapidshare.com/files/2415195...