
Trojan Virus&other problems


Original Message
Name: Nicola C
Date: June 27, 2004 at 05:28:33 Pacific
Subject: Trojan Virus&other problems
OS: Win ME
CPU/Ram: ___
Comment:

After running a virus scan using the trial version of Trojan Hunter, it found 3 Trojan viruses that it was unable to clean up (I think this is because they were in active locations). I read around and found out that cleaning them up in safe mode may help. In safe mode, however, my mouse is disabled (I think this is because it is USB). My keyboard does work but I cannot get around Trojan Hunter's 'subscribe now or continue evaluating' box that pops up (probably due to my poor keyboard skills). If I got a non-USB mouse would it be enabled? Also, does anybody have a link to a page where I can learn how to use my keyboard as a mouse?
I can barely use my PC/internet due to the severe amount of ads/pop-ups clogging it these past few days. I am now unable to access the virus scanner normally without it crashing so cannot give details of the actual names of the viruses and their whereabouts. On the last scan it also said something about 'Hack100', which sounds worrying.

Any help with this matter and using my PC in safe mode is greatly appreciated, my skills are pretty basic.

Thanks!




Response Number 1
Name: mrwizard_sym
Date: June 27, 2004 at 07:18:46 Pacific
Subject: Trojan Virus&other problems
Reply:

Yes, a PS2 mouse will work in safe mode. You are on the right track; attempting to kill it in safe mode will work (should). Using Tab and your Windows key should get you around with the keyboard.



Response Number 2
Name: Thresher
Date: June 27, 2004 at 08:26:15 Pacific
Subject: Trojan Virus&other problems
Reply:

Nicola:

Do this, you have to disable your system restore, that's where it's hiding out:

Win Me Sys Rest:

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239?Open&src=sec_doc_nam&docid=2001111912274039&nsf=tsgeninfo.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl

It's hiding in your system-restore files which cannot be vaulted or cleansed except by dumping them. Do not re-enable system restore until you are 100% sure you are clean.

Go into Safe Mode and dump %TEMP% files > double click My Computer, put %TEMP% in address bar, enter, highlight and delete all.

And dump TIF > click tools > options > delete files, check the box for delete off line content > click ok > click delete cookies. > click ok. Dump recycle bin.

While you are in Safe Mode run AV, spybot and adaware (update and run them every three days or so). If you do not have them:

Spybot:

Download and Read the SpyBot tutorial here:

http://s89223352.onlinehome.us/mirror/spybot/index1.php

Download it, Unzip the program, and immediately UPDATE it, install the updates and then do the scan.

Let it fix everything marked in red. Reboot but not with restart, shut it down for two full minutes. You’ve got two measly minutes and it’s worth it, and let Spybot run if it indicates.

To add an item to your ‘Ignore List’ click on the little ‘+’ sign next to the item and left click it to highlight it, then right click it and a menu appears, select the function you want.

When you are done reboot again same way. Two full minutes shut down is best.

Tea Time discussed by designer here:

http://forums.net-integration.net/index.php?showtopic=13433

Also, go to the update page. Notice 3 icons across the top. Between "Search For Updates" and "Download Updates" there is an icon for the download mirror location. After you click on ‘search for updates,’ the one in the middle will change. If it doesn't say "Spybot.US by Rootboxen.net USA" click on the dropbox arrows and click on Rootboxen, and use only that one. If you got a "checksum error" trying to download --that's why.


Ad-Aware:

Download AdAware from http://www.lavasoft.de/

Check for updates at "webupdate".

I use these settings (green check)

From main window click "Start" then make sure "Activate in-depth scan" has a green check next to it.

Put a black dot next to "Use custom scanning options" and click "Customize" next to it, then green check these options:
"Scan within archives", "Scan active processes", "Scan registry",
"Deep scan registry", "Scan my IE Favorites for banned URL",
"Scan my host-files"

At the top of the “STATUS” page notice the Tweak (gear) icon. Click on it.

The first setting is “Scanning Engine.” Click on the little plus sign next to it, and in the drop-down green check "Unload recognized processes during scanning" and “include basic Ad-Aware settings in log file”. Next click on the ‘+’ next to "Cleaning Engine" and in the drop-down green check "Let windows remove files in use at next reboot" and “Delete quarantine objects after restoring”.

Click "proceed", that will save those settings.

Click "Scan"

When the scan finishes, mark everything for removal and delete it. Right-click the window and choose "select all" from the drop down menu, press ‘next’ and then ‘yes’ to the prompt: “remove all these entries”.

However, if you have certain programs running that will give a false indicator of a browser hijack attempt, such as Script Sentry, which places a monitoring function in the registry and looks like a browser hijacker but is not, then you may want to add that to the ignore list because you want to keep it there to do its job. To add an item to the ignore list, put the cursor on the file it reveals and left click it to highlight it, then right click it and a menu appears. Click on ‘ignore list.’

I shut down for two minutes, and let Adaware run on reboot if it indicates.

Go to start > Programs > Accessories > System Tools > Run disk clean up, then scan disk. If scan disk tells you there are programs running in the background, ctrl+alt+delete and end-task on everything except systray and explorer, then run scan disk > then defragmenter.

Is your IE updated? Windows updated? AV updated? Outlook Express updated? Even if you do not use Outlook, its settings will affect IE.




Response Number 3
Name: Nicola C
Date: July 2, 2004 at 02:16:07 Pacific
Subject: Trojan Virus&other problems
Reply:

Thank you ever so much for the advice! I haven't been able to check back for a few days, I am going to do all of this ASAP.

Very much appreciated! I will try and get back to post the results!

