Was attacked by a Virus yesterday on my Laptop. My Daughter went to a Looney-Tunes site, and it asked her to install a Java plug-in. She chose NO, but it installed a program anyway. The program showed up in the Add/Remove programs list with no program size and it would not uninstall.
About 5 minutes later, AVG email scanner started popping up sending mass emails to random email addresses. I could not stop it. It took over almost every system resource but nothing showed up in Task Manager. I had to unplug the network cable from the wireless router to stop it. It then sat and tried to connect to IP after IP again at random.
I went into the reg and removed all entries from RUN, and rebooted. (There were 6 entries called payme.exe, youpay.exe, etc.)
Upon reboot, AVG found 42 viruses, but could not identify them nor remove them, and the IP attempts started again. As I started removing the viruses that AVG found by hand, every time I would delete one, it would morph into 2 or 3 more. I rebooted into safe mode, and removed everything I could find in Win/sys and Win/Sys32, as well as the reg and any program files. The new program still wouldn't uninstall in Safe Mode.
Upon reboot, I shut down 12 running processes in Task Manager that were not Windows related, but the IP search kept running. AVG would not load this time, nor would Zone Alarm. I went into the remove programs again, and this time while trying to remove the program, it opened a webpage. I connected back to the Internet and allowed it to run.
It led me to this page: www.mypctuneup.com, and told me to run the removal program. After 20 minutes, the program uninstalled, but dropped 20 dialers to porn sites on my desktop. The Virus is still there also, and still attempts to connect to random IP addresses to send mass emails.
WHAT CAN I DO??!!! This is nuts!
Anyone heard of anything like this? Thanks!

Before you go into safe mode, did you turn off System Restore? I would do that. Also, while in safe mode you should scan with Spybot Search and Destroy, and Ad-Aware. Also go to Start, Run, type msconfig, and on the Startup tab uncheck anything you don't want to load automatically (be careful though, because some things there are necessary for Windows).
Jen

Hi Kopfgeldjaeger
Try this
Check under Tools if using IE, then Manage Add-ons, and see what shows up. Then
download and run Microsoft AntiSpyware (copy and paste this to your browser):
http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en
You have to click the validate button, but you get the option to decline on the next window. Believe me, it's good at finding and stopping this type of thing.
Next run an online virus scan any from here
http://windowsxp.mvps.org/Scanners.htm
Trend Micro is my favorite; click on the fix box before scanning.
Let us know how you get on.
If any advice helps, please post back as it might help others.

I just tried about 30 Looney-Tunes sites and they all come up clean.
If you can post the one she got it from, I can tell you what it loaded into the machine.
_________________________
The internet is no longer a toy, it's a COMBAT ZONE!

This trojan (.zip format with 8 files) has a payload that tries to overwrite boot tracks on November 15. It installs itself within your Java application and replicates from there. Shut down all but one browser window, plus all other programs. Open your Java Console (under Tools in the File Bar Menu).
Use the Java Console to
- Clear the classloader cache
- Dump the classloader list

AVG Free, McAfee and Kaspersky all declare the system clean following this step. You can also manually delete all files from the Java cache, as long as browsers and all Java apps are closed.
If worried that something still remains on your system, on November 13th, skip the date ahead to November 16, and leave it for 48 hours (disable any auto update).
Lars
