As mentioned last week, working on my nephews unit which had NO security whatsoever. He's a US Marine about to deploy, kinda in a rush to get this machine running right again.

AdAware and SpyBot have removed over 1000 files. Norton & AVG (I even tried that out of desperation) have found and removed 25 viruses. This last one is giving me fits.

Scanning with either finds infected files, once files are deleted another INSTANTLY appears with random file names. Need to find the .exe that is creating them.

Random names include: ydmxpbth.dll, iexplorer.exe, infdisk.exe, syscdy1.exe, vid32cntl.exe, kbddrvinf.exe, mcinst1.exe.

Within the C:\Windows directory there is a WinSxS folder with a lot of very suspicious subfolders and files in it, research makes this sound like a compiler. Checked my XP Pro machine and no such folder exists. This guy is not the "sharpest pencil in the box" and couldn't write a letter, let alone a program. Therefore no need for a compiler.

Unfortunately he has NO disks for the machine, NO OS, NO driver disk. I guess format and reinstall is out without major expense.

Any ideas?

_________________________
The internet is no longer a toy, it's a COMBAT ZONE!

Martin, what operating system do you have? If it is XP, install it and contact Microsoft customer support if you have to, when you register it. I am positive they will work something out for you.

Capt, it is XP but there are no disks! Nothing whatsoever, KIDS! The only disks I own are 95, 98, 2kPro & XP Pro.

_________________________
The internet is no longer a toy, it's a COMBAT ZONE!

Martin, Contact Dell and have them send you a driver cd, and they probably will send you the XP cd for a small fee. Tell them the problem your nephew had. Ask for a supervisor if you need to and they will probably send everything you need. If you cannot get a new operating system cd use your XP. Contact Microsoft if there is a registration problem(there is a good chance there will be none). Explain the problem and plead for mercy, which should be forthcoming. If you use the other operating systems, you will need to reformat the hard drive. This is no big deal to do. Then use the operating system of your choice. I would use 2000.

Hi
Maybe I'm a bit late here, but I know your problem, and want to inform u that u're infected with a trojan called; TROJ_CRYPTER.A

It gave me a lot of problems.

Go to: http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=59165&VName=TROJ_CRYPTER.A&VSect=O

There u wil find removal instructions.

Good luck.

Frode, did you mean that if a person has the folder c:\windows\winsxs, that their infected with that trojan, or that considering Martin's massive virus symptoms, he may have the same trojan you had? Because I too, have recently discovered a never-before-present winsxs folder in my windows folder, and I just reformatted my hard drive yesterday. I'm wondering/worrying whether or not a network computer is infected and spreading this trojan (despite my disabling all write-access on shared folders), or I myself am somehow contracting this trojan...or even if it's a trojan at all. I'd be greatly relieved to know what exactly this folder DOES and whether its a normal, harmless folder or something I should worry about.

Windows XP Pro
AMD Athlon XP 2200+
512 DDR 333 Ram