Hi, Something evil is in my computer. I tried for about 8 hours to get rid of it but it just comes back. It effectively deactivates a whole series of functions in various programs and it makes itself invisible to various ways of finding it - this thing is driving me crazy. I gave up and took it to a Computer Doctor, who (of course) looked it over and found nothing major wrong. When I hooked it up again everything was fine... for about an hour... then IT came back again. If anyone can help, you will be my hero forever. Please bear in mind that I'm no technical whizz - a simple, step by step method (as explained to a 'ten-year old') would be the most useful reply. Thanks kindly. Regards, ALEX BELOW IS THE HIJACK THIS LOG FILE: Logfile of HijackThis v1.97.7 Scan saved at 9:41:36 PM, on 24/12/2003 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\CTSvcCDA.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\WINNT\System32\svchost.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\System32\Tablet.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Logitech\iTouch\kbdtray.exe C:\Program Files\Big Pond Advance\BIGPOND.exe C:\WINNT\System32\wuauclt.exe C:\WINNT\System32\svchost.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\IEXPLORE.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = www.google.com O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra 'Tools' menuitem: IMI (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: WebWorks Help 2.0 - file://C:\Program Files\procreate Painter Classic\Help\wwhelp2.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab

Can you post some more details about what the virus is actually doing? How do you know that you have a virus in the computer? Are there any messages or popups that indicate that you have a virus? Have you tried running Norton AntiVirus to detect and remove the threat? Val

Hi Val, This message may appear twice - not sure. I had a W32.Blaster.F.Worm alert whilst writing it and I'm not sure if I actually posted it. I would so dearly love to get my hands on one of the people who makes these viruses. Do they realise the havoc they cause on people's lives? Childish idiots using their great ability for all the wrong reasons - what goes around comes around though. Anyway, as to what it (the virus or whatever it is) does to my computer, below is a list. I've tried to run Norton Anti-Virus but that is one of the things it disables. The strange thing is the symptoms kick in about twenty to thirty minutes after I turn my computer on (?). So, Copy and Paste won't work in Word or Internet Explorer or a few other programs; can't use Search for Files or Find on this Page; can't send e-mails (not enough memory); can't access the WinNT folder in Windows Explorer - they're invisible; links on Internet pages won't work; can't play movies (AVI's, MPEG's); can't delete smss.exe in Task Manager (critical process); can't access by CD Burner; can't move icons on the desktop, etc, etc - basically plays havoc with all sorts of different functions. Hope you may be able to help. I'm desperate. Thanks and Merry Christmas. ALEX

I need the same fix. After 2000 is up for a while (30-40min) Applications and windows close by themselves. My anti virus software has been deleted. If I use one of the web based virus scanners the computer dumps when it reaches the win32.sys file in the scan. I tried to use my backup from a week ago (wipe the drive and start fresh) but this must have been a Trojan horse because the backup files are infected. My FDD configuration is gone, so I can't scan the drive from a floppy disk. If I run virus scan from a different computer the 2000 serve dumps memory. Any help would be appreciated.