
please help!(multiple iexplore)


Name: haot
Date: December 27, 2004 at 19:28:06 Pacific
OS: XP pro sp1
CPU/Ram: P4 3000 / 512
Comment:

i never had any anti spy or anti virus program protection running not to slow down computer and till now i was able to remove any virus or malware I catch. but now i'm in deep s&*t. i opened an email with a christmas greeting and got bunch of crap on my pc...
the first change is it identifies 2 identical processors when comp starts. one of them has a * in front of it, like system chooses to use it instead of second one.
only internet was slow and gave me critical errors every 5-6 min in the beginning so I was able to download and install some programs - see further. but now when windows loads it freezes. you have to wait 2-3 min before anything happens. CPU usage is at 5-20% though. it loads 7-10 instances of iexplore and keeps loading them as you end processes. hijack finds windows/system32/nvwrbsvr.dll that reappears after restart. loaded in safe mode - it works exactly as in normal. any action causes multiple iexplore in task manager and everything freezes in the end. the following programs were installed, run and didn't help: norton antivirus, panda antivirus, adaware, spybot, spyware blaster, spyware doctor, stinger, registry mechanics. after using all of them i was able to remove some crap, but the main thing is still there. i don't know what nvwrbsvr.dll is, but there is a bunch of them in system folder such as nvwrsda.dll, nvwrsar.dll, nvwrscs.dll etc. i was going to boot from a floppy and try to remove them all from dos? or even try to reinstall bios file since it shows 2 processors? i'm not big professional and definitely don't want to take risk playing with bios thing if i don't have to. Does anyone have any magic advice?? i need it desperately. don't open suspicious emails brothers even if you think you can deal with it!!




Response Number 1
Name: Sabertooth
Date: December 27, 2004 at 20:13:57 Pacific
Reply:

I hope a lesson or two is learned from this incident, DON'T surf the net WITHOUT an AV program that has constant definition updates.

What you need to run is RAVSCAN and make a note of every item found and its location. Then turn off system restore and remove all identified items.

You may need to download MoveOnBoot to help remove some that might be in use, there are other helpful utilities from this thread too.

-- Have a Happy Holiday --


0

Response Number 2
Name: Sabertooth
Date: December 27, 2004 at 20:18:45 Pacific
Reply:

....."there are other helpful utilities from this thread too".....

-- Have a Happy Holiday --


0

Response Number 3
Name: haot
Date: December 27, 2004 at 21:36:35 Pacific
Reply:

it was a challenge every time i had to remove something new. if i find time i'll learn more about this. i'll naturally be more careful now though.
i tried to run ravscan and moveonboot 5-6 times. it starts running - then freezes - closes internet explorer window and doesn't let it finish scanning. so looks that i'm done. do you know if any alternative way? i'm writing this message from my buddy's pc. there are 2 pcs in my apartment. do you know if I could probably download some software from his pc - write it to cd and run on mine, something i wouldn't have to install - i don't think it'll allow me to? or I could try to scan my pc from his pc thru network.
i also tried to delete these .dll files from windows console - access is denied. thanks for your help.


0

Response Number 4
Name: Sabertooth
Date: December 27, 2004 at 23:40:35 Pacific
Reply:

Try this Start >> run >> type msconfig and hit ok. Click the startup tab and select disable all, then apply, ok and reboot.

Once you get back into windows try the scan again, make sure you turn OFF system restore while doing all this.

-- Have a Happy New Year --


0

Response Number 5
Name: mav90
Date: December 29, 2004 at 06:28:41 Pacific
Reply:

I got the same problem and after some hours of analysis, I found out it is a malware.

problem:
an unknown process was launching multiple iexplore instances, always trying to connect to the same websites (csebooks.com, laughingsquid.net, nasa.gov, megagaming.com, etc...)
(i could see this because i am using another explorer such as maxthon and block every connection with iexplore.exe).
after some time, dozens of iexplore were running. so to cut off the process, i deleted in the task manager every iexplore instance. but once you run iexplore again, the problem comes back.

solution:
You can actually detect it using a-squared.
The trojan is named something like: "Trojan-Downloader.Win32.Small.acp" or "Trojan-Dropper.Win32.Small.nz".

They are run through some .dll files (with a weird name) usually located in c:\windows
Mine were named "czqhqr.dll" and "slkrof.dll" (9 kb) but some others report different names.
When you look into the file, you see that the program somehow generates some processes calling iexplore.exe.

Delete these .dll files and check your registry for:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
They are launched by some lines which refer to these DLL files. I used autoruns from Sysinternals.com to see it.

Also I have found some strange .exe files that I have removed from C:\windows and that were present in my registry in:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

check for filenames such as ???srv.exe : mine were xelsrv.exe and lcvsrv.exe
I removed them.
there might also be other malware, i found a file named tmp9992.exe.

If you want any details, contact me : http://dly.free.fr


0
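The registry check described in Response 5, as an added example that is not part of the post or of any tool named in the thread: it reads a regedit export, resolves each ShellExecuteHooks CLSID to its DLL, and flags hook DLLs and Run entries that match the file locations and name shapes the post reports. Assumptions: the export is in `.reg` text format, CLSIDs are registered under HKLM\SOFTWARE\Classes, the Windows directory is C:\WINDOWS, and the sample data (including both CLSIDs) is constructed.

```python
import re
from pathlib import PureWindowsPath
# Constructed sample in regedit export format. Both CLSIDs are made up; the
# file names czqhqr.dll and xelsrv.exe are the ones quoted in the post above.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{00000000-AAAA-BBBB-CCCC-000000000001}"=""
"{00000000-AAAA-BBBB-CCCC-000000000002}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-AAAA-BBBB-CCCC-000000000001}\InprocServer32]
@="shell32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-AAAA-BBBB-CCCC-000000000002}\InprocServer32]
@="C:\\WINDOWS\\czqhqr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xelsrv"="C:\\WINDOWS\\xelsrv.exe"
"SoundMan"="C:\\WINDOWS\\SOUNDMAN.EXE"
'''
HKLM = "hkey_local_machine\\software\\"
HOOKS = HKLM + r"microsoft\windows\currentversion\explorer\shellexecutehooks"
RUN = HKLM + r"microsoft\windows\currentversion\run"
SUSPECT = re.compile(r"^(?:[a-z]{3}srv|tmp\d+)\.exe$", re.I)  # "???srv.exe", "tmp9992.exe"

def parse_reg(text):
    """Map lower-cased key path -> {value name: string data} ('' = default)."""
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
        elif cur is not None and (m := re.match(r'^(@|"(?:[^"\\]|\\.)*")="(.*)"$', line)):
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            cur[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo .reg escaping
    return keys

def in_windir(path, windir):
    return PureWindowsPath(path).parent == PureWindowsPath(windir)  # case-insensitive

def triage(text, windir=r"C:\WINDOWS"):
    keys, hits = parse_reg(text), []
    for clsid in keys.get(HOOKS, {}):
        dll = keys.get(f"{HKLM}classes\\clsid\\{clsid.lower()}\\inprocserver32", {}).get("")
        if dll is None:  # hook entry left behind with nothing registered for it
            hits.append(("hook", clsid, "CLSID has no InprocServer32"))
        elif in_windir(dll, windir):  # DLL sits directly in the Windows directory
            hits.append(("hook", clsid, dll))
    for name, cmd in keys.get(RUN, {}).items():
        m = re.match(r'^"?([^"]*?\.exe)', cmd, re.I)  # drop quotes and arguments
        exe = m.group(1) if m else cmd
        if in_windir(exe, windir) and SUSPECT.match(PureWindowsPath(exe).name):
            hits.append(("run", name, cmd))
    return hits
```

`triage(SAMPLE_REG)` returns the hook that resolves to czqhqr.dll and the xelsrv Run entry; the shell32.dll hook and SOUNDMAN.EXE are left alone. Hits are leads to inspect, since legitimate software can also place files directly in the Windows directory.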


Response Number 6
Name: Waldo Bippy
Date: January 15, 2005 at 14:53:11 Pacific
Reply:

Now would be a perfect opportunity to make the switch to Firefox or Mozilla. Either one will not rob resources like Iexplorer. Also, no pop up or security problems. I still use Iexplorer for Microsoft nonconforming active X controlled pages which are few and far between.
--



0
