please help me~!
There seem to be a lot more viruses than I thought I could handle by myself.
I suspected some type of virus on my computer, so I went on to fix it, but ... well, I tried these:
HijackThis v1.97
Logfile of HijackThis v1.97.3
Scan saved at 2:46:50 AM, on 10/27/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\winupdate\msmngr32.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\conime.exe
C:\WINNT\system32\spread.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_AZTMP9_\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\pzt8kpr4.slt\prefs.js)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msmanagerw32] C:\WINNT\system32\winupdate\msmngr32.exe
O4 - HKLM\..\Run: [MusIRC (irc.musirc.com) client] musirc4.71.exe
O4 - HKLM\..\RunServices: [MusIRC (irc.musirc.com) client] musirc4.71.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {26612C18-A9B4-4C25-90ED-5086F273BF9D} (FcCommCtrl.PDSFileDown) - http://home.freechal.com/etc/FcActivePackage/FcCommCtrl/FcCommCtrl.CAB
O16 - DPF: {3283DF90-1733-4A79-B1F5-2D05A8E4D448} (HanGamePlugin15 Class) - http://down.hangame.com/dist/activex/HanGamePlugin15.cab
O16 - DPF: {4BC4C3E9-2BBB-4F28-A449-D25CD323109B} (HGAgentClient Control) - http://bar.hangame.naver.com/bar/HGAgentClient.cab
O16 - DPF: {5468A766-6749-4EC5-8F7A-5D47EE8FE646} (ConnectControl Control) - http://www.x2game.com/Control/ConnectControl.Cab
O16 - DPF: {616E79D9-B745-46A4-BC02-E30941D110C3} (JOA.Loader) - http://211.234.125.46/~godori/down/awoodong/cab/awoodong.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_6.CAB
O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} (AutoPatchOCX Control) - http://www.x2game.com/Control/AutoPatchOCX.cab
O16 - DPF: {8C6582F6-F192-4D55-8326-2D742FC4E2A6} (HanGamePlugin14 Class) - http://down.hangame.com/dist/activex/HanGamePlugin14.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37875.970775463
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {AD66F420-3AB3-43EE-B1E7-304D21084009} (view_card Class) - http://cdn.lettee.com/ecard/play_card/letteecard.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D7F0CC2E-FB09-4B38-B9A7-6807CBCD4859} (NMChatX Control) - http://download.netmarble.com/NMChatX/NMChatX.cab
O16 - DPF: {E5F55B7A-89D5-4387-B665-43437B3E293D} (X2Run Control) - http://www.x2game.com/Control/X2Run.Cab
O16 - DPF: {F49A7BC3-8EC9-4817-952D-D75527B75F2D} (VoiceChat Class) - http://61.78.39.35/VCSpider/voicechatatx.cab
O16 - DPF: {F82CC28F-935F-11D3-A25B-006097755A02} (avchatAtx Class) - http://res2.ohmylove.co.kr/chat/avchatatx.cab

and RAV on-line virus scan:
Scan started at 10/27/2003 1:35:11 AM
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\WINNT\ntcore\abcd.jpg - Backdoor:IRC/Cloner.K* -> Infected
C:\WINNT\ntcore\ntdll.bat - Trojan:BAT/Noshare* -> Infected
C:\WINNT\ntcore\ntsys.exe - Tool:HideWindows -> Infected
C:\WINNT\system32\dll32.hlp - Backdoor:IRC/Flood.A* -> Infected
C:\WINNT\system32\dll32NT.hlp - IRC/Flood* -> Infected
C:\WINNT\system32\H@tKeysH@@k.DLL - Keylogger/Win32.HatKeys -> Infected
C:\WINNT\system32\nt32.ini - Trojan:IRC/Froze* -> Infected
C:\WINNT\system32\ocxdll.exe->(PaquetBuilder)->dll32.hlp - Backdoor:IRC/Flood.A* -> Infected
C:\WINNT\system32\ocxdll.exe->(PaquetBuilder)->dll32NT.hlp - IRC/Flood* -> Infected
C:\WINNT\system32\ocxdll.exe->(PaquetBuilder)->mdm.exe - Tool:HideWindows -> Infected
C:\WINNT\system32\ocxdll.exe->(PaquetBuilder)->nt32.ini - Trojan:IRC/Froze* -> Infected
C:\WINNT\system32\ocxdll.exe->(PaquetBuilder)->tftp8675 - Trojan:IRC/Bounce* -> Infected
C:\WINNT\system32\ocxdll.exe->(PaquetBuilder)->XVPLL.HLP - Trojan:IRC/Flood.I* -> Infected
C:\WINNT\system32\shelldll.exe->(PaquetBuilder)->abc2.dll - Backdoor:IRC/Cloner.O* -> Infected
C:\WINNT\system32\shelldll.exe->(PaquetBuilder)->abcd.jpg - Backdoor:IRC/Cloner.K* -> Infected
C:\WINNT\system32\shelldll.exe->(PaquetBuilder)->adobes.exe - Trojan:Win32/Hidemapo -> Infected
C:\WINNT\system32\shelldll.exe->(PaquetBuilder)->ntdll.bat - Trojan:BAT/Noshare* -> Infected
C:\WINNT\system32\shelldll.exe->(PaquetBuilder)->ntsys.exe - Tool:HideWindows -> Infected
C:\WINNT\system32\syscfg32.exe->(UPXW) - Backdoor:Win32/SdBot.0_5.AK -> Suspicious
C:\WINNT\system32\syscfv33.exe->(UPXW) - Backdoor:Win32/SdBot.0_5.AK -> Infected
C:\WINNT\system32\tftp8675 - Trojan:IRC/Bounce* -> Infected
C:\WINNT\system32\w32x586.exe->(PaquetBuilder)->msnq32.exe->(ASPack 2.12) - Tool:HideWindows -> Infected
C:\WINNT\system32\w32x586.exe->(PaquetBuilder)->mmsql32.bat - Trojan:BAT/Passer.C* -> Infected
C:\WINNT\system32\w32x586.exe->(PaquetBuilder)->infsrv.exe - Trojan:Win32/Delsha.C -> Infected
C:\WINNT\system32\w32x586.exe->(PaquetBuilder)->mtnm32.dll - Worm:IRC/Randon.Q* -> Infected
C:\WINNT\system32\XVPLL.HLP - Trojan:IRC/Flood.I* -> Infected
C:\WINNT\system32\winupdate\infsrv.exe - Trojan:Win32/Delsha.C -> Infected
C:\WINNT\system32\winupdate\mmsql32.bat - Trojan:BAT/Passer.C* -> Infected
C:\WINNT\system32\winupdate\msnq32.exe->(ASPack 2.12) - Tool:HideWindows -> Infected
C:\WINNT\system32\winupdate\mtnm32.dll - Worm:IRC/Randon.Q* -> Infected
C:\WINNT\system32\winupdate\w32x586.exe->(PaquetBuilder)->msnq32.exe->(ASPack 2.12) - Tool:HideWindows -> Infected
C:\WINNT\system32\winupdate\w32x586.exe->(PaquetBuilder)->mmsql32.bat - Trojan:BAT/Passer.C* -> Infected
C:\WINNT\system32\winupdate\w32x586.exe->(PaquetBuilder)->infsrv.exe - Trojan:Win32/Delsha.C -> Infected
C:\WINNT\system32\winupdate\w32x586.exe->(PaquetBuilder)->mtnm32.dll - Worm:IRC/Randon.Q* -> Infected

Scanned
============================
Objects: 47871
Directories: 2841
Archives: 1093
Size(Kb): -1948379
Infected files: 33

Found
============================
Viruses found: 15
Suspicious files: 1
Disinfected files: 0
Mail files: 4018

I went on to find out what those exe files were, and they have nice little viruses (virii?!) inside..
Learning that ocxdll.exe and w32x586.exe and all their contents were stuff I probably don't want, I searched for them and deleted them. I also changed my administrator/[blank] login to something harder to crack, so I should be better off.
But I was wondering what shelldll.exe was. I think it's the same deal as the other exe files with virii in them, considering the fact that it also has that psexec.exe and whatnot ... somehow I'm not sure if I really want to delete all the familiar-named virus-ish files that are inside that exe.
And lastly, I have no idea about these registries to delete.. and stuff. What should I do?
(In addition to HijackThis and the RAV scan, I tried SpyKiller (while I was at it) and F-Secure, and man, it's almost 5am.)

RAV8 scanned 29 viruses of which I manually removed almost all of them.
This is the last one left...Grrrrr....
Can't find any info on it on the web, and am at a complete loss of how to remove it...
Any suggestions ??? PLEASE HELP !
MOJOjojo

My AVG Anti Virus alerts again and again about C:\WINNT\system32\spread.exe. So I deleted the file manually from the DOS command prompt (Start->Run->cmd, type "delete C:\WINNT\system32\spread.exe" without the quotation marks and press Enter). After that I created a directory with the same name (type "md C:\WINNT\system32\spread.exe" and press Enter). A directory is like a file, so Windows cannot create 2 files with the same name. (Type "exit" to return to Windows.) Good luck.
