Please help me, I've got a Trojan.ByteVerify Virus on my system.
I have Norton Antivirus and it has located it, I've tried the steps they recommend to clean it and no luck. It changes my homepage and adds porno links throughout my Internet Explorer.
There seems to be a program loading at startup and I get a strange program end at shutdown.
I've also tried manually clearing all my internet caches and histories and cookies. I even manually cleared my Sun Java cache, no luck.
I've downloaded Hijackthis and used it to create a log file, here it is...
Logfile of HijackThis v1.97.7
Scan saved at 1:20:44 AM, on 12/30/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SiSUSBrg.exe
C:\WINDOWS\System32\sistray.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\PCI Audio Applications\Mixer.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Documents and Settings\Byrun\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omega-search.com/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://teenhqpics.com/?homepage.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://teenhqpics.com/?homepage.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omega-search.com/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://teenhqpics.com/?homepage.com
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: winlogon.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Run DAP (HKLM)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37850.6520023148

I've tried Spybot, Adaware, CWshredder...I'm desperate.
Also, it's affected my wife's profile in Internet Explorer as well. How do I fix hers after mine so it doesn't launch again?
Thanks for any help.

First remove the source of vulnerability:
Update your Windows OS and IE to the SP1 versions at Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp
Byteverify is an exploit of a system that has not been security updated.

"I've tried Spybot, Adaware, CWshredder...I'm desperate."
Check that you have updated all these programs, specifically ALL three of them, and rescan with all three. There are new updates for all of them. Run the scans for each user profile on your system.
After all that, consider replacing the MS Java with the Sun Java.
http://www.merijn.org/cwschronicles.html

As a follow up only, post a new HjT log after the updates have been installed.
iceblue

I had this same problem.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe is the culprit.
I couldn't just delete it, and Task Manager wouldn't kill the process for some reason. I just renamed it to a non-executable file and rebooted.
Deleting this file then updating IE solved my problem. There's probably some registry cleanup to be done, but this will get it to stop bothering you.
Have a nice day.
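
The check behind the post above (a file named like a Windows system process but loaded from the Startup folder), as an added example that is not part of the original thread: a Python script that scans HijackThis log text for system-process names running from an unexpected directory. The expected-directory table assumes a default C:\WINDOWS install, and `find_masquerades` is a name introduced here.

```python
import ntpath
import re

# Expected directories for core Windows XP processes
# (assumption: default C:\WINDOWS installation).
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Excerpt of the HijackThis log posted at the top of this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: winlogon.exe
"""

# A drive-letter path ending in .exe, and a bare .exe listed in a Startup folder.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (\S+\.exe)\s*$", re.IGNORECASE)

def find_masquerades(log_text):
    """Return (reason, evidence) pairs for system-process names in odd places."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = STARTUP_RE.match(line)
        if m and m.group(1).lower() in EXPECTED_DIR:
            # System processes are never launched from a Startup folder.
            findings.append(("startup-folder", line))
            continue
        for path in PATH_RE.findall(line):
            expected = EXPECTED_DIR.get(ntpath.basename(path).lower())
            if expected and ntpath.dirname(path).lower() != expected:
                findings.append(("wrong-directory", path))
    return findings

if __name__ == "__main__":
    for reason, evidence in find_masquerades(SAMPLE_LOG):
        print(f"{reason}: {evidence}")
```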

I sort of have this problem. My homepage keeps resetting to http://teenhqpics.com/?homepage.com every time I restart my computer and I get loads of files added to my favourites. I've performed a virus scan but found no virus and I've deleted the suspect registry files but they keep reappearing upon startup and it's driving me nuts. I've tried the updated versions of Spybot and CWShredder with no luck! Someone - please help!!

wackybacky.. I've had exactly the same prob...
I've downloaded cwshredder.zip.. forgot where it's from, and it's fixed...
There's one problem, still have some minor thing.. when shutting down Windows it says end program .. Win In .. I've checked in msconfig and the end task manager but couldn't find the program. If someone knows how to remove this, please help..
