W32/Lovegate-V ?
Original Message
Name: cevad
Date: June 22, 2004 at 13:41:08 Pacific
Subject: W32/Lovegate-V ?
OS: Win XP Pro Service Pack 1
CPU/Ram: Intel P4 2.8 GHz / 1 GB RA
Comment: HELP!!! I'm not 100% sure what worm I have but I know I have one! I think my computer was infected when someone, (not ME of course), clicked on a link to a site with an upskirt pic of Jessica Simpson. Once the site loaded, my NAV popped up a warning saying it caught something and since the unnamed user was intoxicated, he didn't catch the name of the virus that Norton found. :( Anyway, I clicked on "OK" and both NAV 2003 AND Zone Alarm Pro Firewall (ZA) shut down. When I rebooted, NAV and ZA didn't load like they usually do. I am able to manually start ZA and it still appears to work but my NAV auto protect is disabled. If I try to enable auto protect, NAV locks up and I have to close it. NAV will also shut down if I try to run a system scan unless I'm in safe mode. My NAV should have been up to date within a day or so. I rebooted in safe mode and ran a complete system scan. NAV found no problems. I looked at the NAV log in safe mode and was able to see that either WINET.exe or WlNET.exe was found previously or quarantined. I also found that the same program was shown as ACTIVE in ZA's Program Control list. I blocked all access with ZA but I don't know if it's actually working or not. I also ran "End It All" ver 2.0 and saw that wlnet.exe was running so I killed it but it restarts with Windows every reboot. I ran the online scan of PC-cillin and it found "Troj Bridge A" in c:\windows\system32\bridge.dll. I told it to delete the file but the file is still there. I did a search on Google for wlnet.exe and the only thing I could find was from Sophos saying that it might be the W32/Lovegate-V worm. It did not however tell me how to remove it. Does anyone have any ideas on how I can get rid of this thing? Am I safe for now with having it blocked in ZA and closing it with End It All every time I reboot? I'm on a cable modem and a LAN. The other 2 computers on the LAN don't seem to be infected but is it possible for this thing to spread?
Last comment, the idiot DID learn his lesson about clicking on strange URLs. The picture was real but it wasn't worth the 2+ days I've spent doing nothing but trying to de-worm my computer. At least I don't have a wife or girlfriend to nag me with "You deserve it"!!
Response Number 2
Name: cevad
Date: June 22, 2004 at 17:51:42 Pacific
Reply: I downloaded that free AV program and ran it in both regular and safe modes. It found 2 files that it said were bad and deleted them but I still have the same problems. :(
Response Number 4
Name: cevad
Date: June 22, 2004 at 23:35:26 Pacific
Reply: Please read my original post. ALL the problems are listed there. I tried the AV program you suggested and it did NOT work.
Response Number 6
Name: cevad
Date: June 23, 2004 at 11:36:21 Pacific
Reply: Here you go Tom41. FYI, the only things I did after a clean boot and before running HijackThis were to kill the running program wlnet.exe with EndItAll and start Zone Alarm. I don't know if that will affect the results of HijackThis or not, so I offer it only as an FYI.

Logfile of HijackThis v1.97.7
Scan saved at 2:24:17 PM, on 6/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\WlNET.EXE
C:\Program Files\CPUCooL\CooLSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ESSENTIAL PROGRAMS\SpywareGuard\spywareguardcp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ESSENTIAL PROGRAMS\ZoneAlarm\zapro.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESSENTIAL PROGRAMS\WinRAR\WinRAR.exe
C:\DOCUME~1\Dave\LOCALS~1\Temp\Rar$EX03.805\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ESSENT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\ESSENTIAL PROGRAMS\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\essential programs\Quick Time 6\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Startup: SpywareGuard Control Panel.lnk = C:\Program Files\ESSENTIAL PROGRAMS\SpywareGuard\spywareguardcp.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\ESSENTIAL PROGRAMS\ZoneAlarm\zapro.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Web Entry (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} (Medi@Show Control) - http://www.cyberlink.com.tw/medi@show/tv/MediaShow.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37882.8932060185
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup141.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://216.65.38.226/crack.CAB
Response Number 7
Name: Tom41
Date: June 23, 2004 at 23:45:04 Pacific
Reply: Open the task manager and end process on C:\WINDOWS\System32\WlNET.EXE. Then delete it. Also scan with HijackThis again, check this entry and click 'fix checked':
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://216.65.38.226/crack.CAB
Response Number 8
Name: IGotThisToo
Date: June 24, 2004 at 14:29:58 Pacific
Reply: I got this Trojan as well. It took me 3 days to clean it up, and I can tell you this is really bad. Go to www.trojanhunter.com, download their scanner, install it and clean it up. It might not 100% remove it, so check this also in your registry: hkey_LM\software\microsoft\active setup\installed components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}. Make sure there are no running COM files; remove any entry over here as well in HKEY_LM\software\microsoft\windows\currentversion\policies\explorer\run (com services with *.COM) and also in HK_CU. Make sure to delete the wlnet.exe and those .com files; do a search, they should be in system32 somewhere, or in the Windows directory.
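Tom41's HijackThis check and IGotThisToo's registry locations lend themselves to a small triage script. The following is an added example, not code from the thread or from HijackThis: it parses log lines in the v1.97 format posted above, flags O16 DPF entries whose download URL is a bare IP address (like the crack.CAB entry Tom41 singled out) and flags O4 autostart entries that run a .com file or sit under Policies\Explorer\Run. The log excerpt is constructed from entries on this page; the HijackThis line format and the way a Policies\Explorer\Run entry would appear are assumptions.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed HijackThis-style excerpt, not the full log from the thread: two
# benign O4 lines, an assumed O4 line under Policies\Explorer\Run that runs a
# .com file named after one the original poster later deleted, one benign O16
# entry and the O16 entry Tom41 singled out.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [IntelliPoint] "C:\\Program Files\\Microsoft IntelliPoint\\point32.exe"
O4 - HKLM\\..\\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\\..\\Policies\\Explorer\\Run: [com] C:\\WINDOWS\\system32\\mskfbr.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://216.65.38.226/crack.CAB
"""

O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<what>.*?) - (?P<url>\S+)$")

def host_is_ip(url):
    """True when the download URL names a bare IP address rather than a hostname."""
    host = urlparse(url).hostname or ""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def first_token(cmd):
    """Program part of an O4 command line, unquoted and lower-cased."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd.strip())
    return (m.group(1) or m.group(2)).lower() if m else ""

def triage(log_text):
    """Return (line_no, reason, line) for entries that deserve a closer look."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = O4_RE.match(line)
        if m:
            if first_token(m.group("cmd")).endswith(".com"):
                findings.append((n, "autostart runs a .com file", line))
            if "policies\\explorer\\run" in m.group("key").lower():
                findings.append((n, "autostart under Policies\\Explorer\\Run", line))
            continue
        m = O16_RE.match(line)
        if m and host_is_ip(m.group("url")):
            findings.append((n, "ActiveX download from a bare IP address", line))
    return findings
```

Running triage(SAMPLE_LOG) returns three findings: two for the .com autostart line and one for the crack.CAB download; the benign Run entries and the Macromedia CAB are left alone.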
Response Number 9
Name: cevad
Date: June 24, 2004 at 17:39:20 Pacific
Reply: Tom41 and IgotThistoo..... THANK YOU!!!! I ended the process wlnet.exe, (it was running twice for some reason, so I ended both) and let HijackThis fix or delete the entry that Tom41 suggested. I then downloaded the Trojan Hunter program that IgotThistoo suggested and it found three trojans in my registry; "Beast.210", "BeastDoor.197" and "BeastDoor.213". It was able to remove the first one but I had to manually remove the other two. I deleted the files:
c:\windows\system32\wlnet.exe
c:\windows\Prefetch\WLNET.EXE-17417147.pf
c:\windows\msagent\msptmf.com
c:\windows\system32\mskfbr.com
c:\windows\Prefetch\MSKFBR.COM-03052E0F.pf
There was one *.COM that I had to remove from one of the registry locations that IgotThistoo mentioned but I forgot to write down where I found it. After rebooting, my NAV auto protect and email scanner were back on and Zone Alarm started on its own too. YIPPEEEEEE!!!!! No more wlnet.exe and I think all is well. :) THANK YOU! THANK YOU! THANK YOU!!!! Should I change my passwords or anything, now that my computer is clean again? In other words, what kind of damage could have possibly been done already that I still need to repair, or anything that I need to protect to prevent something like this from happening again? I think I might get that TrojanHunter even after the trial expires. It is running a TrojanHunter Guard program on startup and I think that might be nice to have. NAV alone just isn't enough. If you have any other comments or suggestions I would appreciate them. Again, THANK YOU BOTH!! I love this forum! I've learned quite a bit just from reading other posts and when I've asked questions, someone always has the answers!
Response Number 10
Name: IGotThisToo
Date: June 28, 2004 at 07:27:17 Pacific
Reply: You can also get this software http://www.antiviraldp.com/ and do another scan just to make sure there is no more trojan. Trojan Hunter is not 100%. Have fun and good luck.