So i turned on my pc today to see that my Kaspersky IS has found this and i can not get rid of it. If anyone has any suggestions let me know. SS here http://img244.imageshack.us/img244/...

Please run the following scans and post their logs. Please download Malwarebytes' Anti-Malware from one of these sites: MalwareBytes1 MalwareBytes2 1. Double Click mbam-setup.exe to install the application. 2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. 3. If an update is found, it will download and install the latest version. 4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. 5. When the scan is complete, click OK, then Show Results to view the results. 6. Make sure that everything found is checked, and click Remove Selected. 7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. 8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. 9. Copy&Paste the entire report in your next reply. Please download and install the latest version of HijackThis v2.0.2: Download the "HijackThis" Installer from this link: Hijack This 1. Save " HJTInstall.exe" to your desktop. 2. Double click on HJTInstall.exe to run the program. 3. By default it will install to C:\Program Files\Trend Micro\HijackThis. 4. Accept the license agreement by clicking the "I Accept" button. 5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log. 6. Click "Save log" to save the log file and then the log will open in Notepad. 7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. 8. Paste the log in your next reply. 9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Yea good looks on that. A buddy of mine told me about that a little after i posted it and it found 5 infected files and deleted it. Now i don't know if this is a coincidence or if someone is attacking me but i turned off my virus scanner for like 5 mins and when i came back i had all pop ups all over my screen and the virus was back again. I ran malware and it had picked up like 25 new files. So i don't think i am ever turning off kaspersky ever again.

First Log. Malwarebytes' Anti-Malware 1.31 Database version: 1502 Windows 5.1.2600 Service Pack 2 12/15/2008 1:42:14 PM mbam-log-2008-12-15 (13-42-14).txt Scan type: Quick Scan Objects scanned: 48302 Time elapsed: 2 minute(s), 57 second(s) Memory Processes Infected: 0 Memory Modules Infected: 4 Registry Keys Infected: 33 Registry Values Infected: 2 Registry Data Items Infected: 2 Folders Infected: 4 Files Infected: 15 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot. C:\WINDOWS\system32\ssqOFWmn.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\cjzulb.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\opnkjHWQ.dll (Trojan.Vundo) -> Delete on reboot. Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb29c20c-9479-478e-8b46-f0370f471c65} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{eb29c20c-9479-478e-8b46-f0370f471c65} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb29c20c-9479-478e-8b46-f0370f471c65} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4de64ba0-15e5-4796-bbb9-b90f36618028} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4de64ba0-15e5-4796-bbb9-b90f36618028} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{4de64ba0-15e5-4796-bbb9-b90f36618028} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnkjhwq (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa (Trojan.I.Stole.Windows) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{73259091-9574-4ed8-a40f-7f65afc28634} (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ssqofwmn -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ssqofwmn -> Quarantined and deleted successfully. Folders Infected: C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully. C:\Documents and Settings\James\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\ssqOFWmn.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\nmWFOqss.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nmWFOqss.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ljomiint.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\opnkjHWQ.dll (Trojan.Vundo.H) -> Delete on reboot. C:\Documents and Settings\James\Local Settings\Temporary Internet Files\Content.IE5\94K6AK9Y\load[1].exe (Adware.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot. C:\Documents and Settings\James\Local Settings\Temporary Internet Files\Content.IE5\S2XST9V8\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cjzulb.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\qtsyfnau.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\James\Local Settings\Temporary Internet Files\Content.IE5\94K6AK9Y\zc113432[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully. C:\WINDOWS\system32\uanfystq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\James\Local Settings\Temporary Internet Files\Content.IE5\8X7H9YKO\CA01854B (Trojan.Vundo) -> Quarantined and deleted successfully. Second log. Malwarebytes' Anti-Malware 1.31 Database version: 1503 Windows 5.1.2600 Service Pack 2 12/15/2008 8:49:08 PM mbam-log-2008-12-15 (20-49-08).txt Scan type: Quick Scan Objects scanned: 48251 Time elapsed: 4 minute(s), 1 second(s) Memory Processes Infected: 2 Memory Modules Infected: 1 Registry Keys Infected: 11 Registry Values Infected: 5 Registry Data Items Infected: 0 Folders Infected: 3 Files Infected: 12 Memory Processes Infected: C:\Documents and Settings\James\Local Settings\Temp\winvsnet.tmp (Trojan.Dropper) -> Failed to unload process. C:\Documents and Settings\James\Application Data\Twain\Twain.exe (Trojan.Agent) -> Failed to unload process. Memory Modules Infected: C:\WINDOWS\system32\opnNGvTn.dll (Trojan.Vundo) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnngvtn (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\twain (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Documents and Settings\All Users\Start Menu\Programs\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully. C:\Program Files\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully. C:\Documents and Settings\James\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\opnNGvTn.dll (Trojan.Vundo) -> Delete on reboot. C:\Documents and Settings\James\Local Settings\Temp\winvsnet.tmp (Trojan.Dropper) -> Delete on reboot. C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\James\Application Data\gadcom\gadcom.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ddcYrQij.dll (Trojan.Vundo) -> Delete on reboot. C:\Documents and Settings\James\Local Settings\Temp\xpre.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\James\Local Settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\James\Local Settings\Temporary Internet Files\Content.IE5\8X7H9YKO\CAGD4T4F (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\VirusRemover2008\VirusRemover2008.lnk (Rogue.VirusRemove) -> Quarantined and deleted successfully. C:\Program Files\VirusRemover2008\Viruses.bdt (Rogue.VirusRemove) -> Quarantined and deleted successfully. C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusRemover2008.lnk (Rogue.VirusRemove) -> Quarantined and deleted successfully. C:\Documents and Settings\James\Application Data\Twain\Twain.exe (Trojan.Agent) -> Delete on reboot.

When we ask you to turn off your antivirus programs we also ask that you stay offline until you restart the computer or turn the antivirus program back on. The restart usually turns the antivirus program on but always check.If the antivirus/antispyware programs are not off the baddies will not be removed. Once you get SDFix downloaded go offline and turn of your antivirus and any antispyware that you have, run SDFix from safe mode and restart the Antivirus before you get back on line to post the log. Download SDFix.exe and save it to your Desktop. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix or remove some of its embedded files which may cause "unpredictable results". Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. Remember to re-enable the protection again afterwards before connecting to the Internet. 1.Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account. 2. Open the c:\SDFix folder and double click RunThis.cmd to start the script. Type Y to begin the script. It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. Press any Key and it will restart the PC. 3. Your system will take longer that normal to restart as the fixtool will be running and removing files. When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons. 4. Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt