I need help too. A trojan has done something to my win32 files, Mozilla browser and Norton Connection Keep Alive. Every time I log on, win32 executes a number of unknown modules, as does my browser. These tamper with my security settings in Norton Internet Security/AntiVirus. I've also noted that it shuts down Norton Internet Security after I launch my browser. My browser pages have distortions in their theme. My system was also attacked a total of 100+ times today via a hijacked IP address, suggesting outside server influence. Any advice on a name or how to get rid of this problem/guy/server? Anybody want the fake IP it used?

Thought I'd add that it seemed to have spread via the Norton Connection Keep Alive files. It will not let me use Norton AntiVirus Professional 2004, or 2005. I can only use client antivirus v8 and this detects nothing. I had downloaded the Panda Titanium 2006 trial and tried this. The trojan was not detected but the modules were blocked. This shut down my browser completely. The trojan stopped Panda from updating and can stop Norton LiveUpdate from accessing its server. Tried Spybot and Ad-Aware. My system reports clean. LiveUpdate settings in Norton Internet Security/Options appear to be getting turned off.
Sorry, I'm writing this as I work on my system.

Some of the modules are trying to access the address that tried to intrude on my system earlier. I tried to use Norton to back-track that address and it said that the address was false and hosted. Now I'm even more confused.
I tried to lower my firewall earlier to do some work on my system and my system received repeated intrusion attempts, 32+ in the space of a few seconds. I waited, and later, after doing some work, tried again to lower my firewall and the same thing happened again. The same thing has just happened again during the time spent writing this message: 57 times so far and counting.

Run this free online scan from Panda.
If you think you have Vundo or WinFixer, download SpySweeper from this link http://www.spywaredb.com/remove-win32-vundo-522752trojan/
Choose "download SpySweeper" from this line:
Delete Win32/Vundo.522752!Trojan automatically >>> Get PestPatrol or Download SpySweeper at the above link
Then download and run CCleaner to clean out all your temp files. Make sure there is not anything in the recycle bin that you need, as CCleaner will delete recycle bin items unless checked not to do so.
Then download, update and run these spyware removal programs:
Ad-Aware SE, and once you get it updated, go back to the link and install the VX2 cleaner; follow the directions to install it, then run it. This updated tool will remove most VX2 infections including Look2Me.
CWShredder; use the stand-alone version.
If that doesn't help, you will most likely need to post a HijackThis log so that the files associated with the virus can be identified. You can download HijackThis at this link http://www.tomcoyote.org/hjt/ then place it into a folder of its own, such as C:\HJT, so that backup copies can be made without cluttering your desktop or other folders, and the backup copies of deleted items can be easily located if needed.
Once saved, double-click HijackThis.exe and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to select all, and copy its contents into the text editor. Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

I tried the link from Panda but it wouldn't scan using my browser. I tried using it via Internet Explorer and it came back clean. I will say that I think the thing is launching via the win32 processes and my browser. I tracked my browser's modules and found 12 that are unknown. Of these 12 modules, 4 send out information to a supposedly false IP address. I'm able to block the intrusion attempts but I can't stop my browser etc. passing on information about me. I feel this thing rode in on the back of an update I received from Symantec for Connection Keep Alive. I have Spybot v1.4 and Ad-Aware SE; they both see nothing at the moment, although Spybot repeatedly found WinFix less than a week ago and CWShredder found Look2Me, but none have been found for nearly a week now.
Downloaded HijackThis. Here is my log.
Logfile of HijackThis v1.99.1
Scan saved at 11:47:16, on 04/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
D:\PROGRA~1\NORTON~4\NORTON~3\GHOSTS~2.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
D:\PROGRA~1\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
D:\WINDOWS\system32\nvraidservice.exe
D:\Program Files\Browser mouse\1.3\mouse32a.exe
D:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Multimedia keyboard utility\1.3\KbdAp32A.exe
D:\program files\WinOverBoost\wob2.exe
D:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
D:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
D:\PROGRA~1\BTYAHO~1\SMARTB~1\BTHelpNotifier.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\program files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Symantec\Web Tools\CKA.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\BT Yahoo! Help\bin\mpbtn.exe
D:\program files\Mozilla Firefox\firefox.exe
D:\mydownloads\New Folder\HijackThis.exe
D:\Program Files\Symantec\LiveUpdate\AUpdate.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [NVRaidService] "D:\WINDOWS\system32\nvraidservice.exe"
O4 - HKLM\..\Run: [FLMMEDIONMOUSE] D:\Program Files\Browser mouse\1.3\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] D:\Program Files\Multimedia keyboard utility\1.3\MMKEYBD.exe
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] D:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinOverBoost] D:\program files\WinOverBoost\wob2.exe
O4 - HKLM\..\Run: [DSLSTATEXE] D:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] D:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\BTYAHO~1\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\program files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SymKeepAlive] D:\Program Files\Symantec\Web Tools\CKA.exe
O4 - Global Startup: BT Yahoo! Help.lnk = D:\program files\BT Yahoo! Help\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED0AADF6-08CE-4D05-9015-1375E91C89B3}: NameServer = 194.74.65.69 62.6.40.178
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CWShredder Service - InterMute, Inc. - D:\mydownloads\cwshredder.exe
O23 - Service: DefWatch - Symantec Corporation - D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: GhostStartService - Symantec Corporation - D:\PROGRA~1\NORTON~4\NORTON~3\GHOSTS~2.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Was thinking of uninstalling Mozilla, SP2 and Norton, deleting the contents of the system & system32 folders, then performing a repair install off my Windows disk, then reinstalling SP2, then Norton and Mozilla.

digadeath, first the TeaTimer needs to be off while you run your spyware removal tools, so turn it off, then restart it once you get your computer cleaned.
Run a new HT scan, close all windows except HT, and place a check beside the following items, then press "Fix checked".
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
Next, shut off Windows Messenger. It is not needed and is a portal for malware, spyware and the like. To do so, go to Start > Control Panel > Administrative Tools > Services > scroll down to Messenger > double-click Messenger > in the Properties box click the drop-down arrow to the right of "Startup type" and select Disabled > Apply > OK.
Download Ewido's free trial from this link http://www.ewido.net/en/download/ then update it. Boot into Safe Mode and run Ewido. Reboot to normal mode and post the Ewido log.
