Author Topic: inf3ct3d.us  (Read 14224 times)

lee16

  • Guest
Re: inf3ct3d.us
« Reply #15 on: February 18, 2005, 10:58:35 PM »
Looks clean to me, no harmful stuff that I can see  ;)

However, there is this:

o4 - hkcu\..\run: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background

It's not harmful; what it does is start MSN Messenger up when you turn on your PC. 'Fixing' it could speed up boot time on your computer (you will still be able to open MSN via the icon on your desktop/start menu), but of course it's your system, so it's up to you if you do it or not  :)

Oh and BTW, when we said install all security patches we meant SP2 as well, and then the patches for them as well (you are currently on SP1 according to your log).
Having SP2 will increase your Windows security and help prevent spyware getting on your system.

-lee

lucifer

  • Guest
Re: inf3ct3d.us
« Reply #16 on: February 18, 2005, 11:04:36 PM »
I have a problem with SP2 because it doesn't like wireless networks.. Cheers guys, you've saved me from reformatting. The only other thing is this application folder that keeps appearing on my hard drive: every time I delete it, it comes back after I boot up, and it was created the same day that I got the virus. Do you know what I can do with that?

cheers

lee16

  • Guest
Re: inf3ct3d.us
« Reply #17 on: February 18, 2005, 11:20:33 PM »
I cannot find any information on 'c:\autoprotect.exe'

Is it running in memory? (check task manager)

Also try uploading it here and let us know the results: http://virusscan.jotti.org/

--lee

lucifer

  • Guest
Re: inf3ct3d.us
« Reply #18 on: February 18, 2005, 11:28:56 PM »
Hi lee, I submitted it to that site and here are the results:

Service load:  0%        100% 
 
File:  autoprotect.exe 
Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) 
Packers detected:  None
   
AntiVir  No viruses found (0.37 seconds taken)
Avast  No viruses found (1.53 seconds taken)
AVG Antivirus  Collected.3.X (0.36 seconds taken)
BitDefender  Trojan.LowZones.G (0.63 seconds taken)
ClamAV  No viruses found (1.36 seconds taken)
Dr.Web  Trojan.LowZones (1.72 seconds taken)
F-Prot Antivirus  W32/Lowzones.AC (0.14 seconds taken)
Fortinet  No viruses found (0.81 seconds taken)
Kaspersky Anti-Virus  Trojan.Win32.LowZones.g (1.18 seconds taken)
mks_vir  Trojan.Lowzones.G (0.44 seconds taken)
NOD32  Win32/Lowzones.G (1.16 seconds taken)
Norman Virus Control  Sandbox: W32/Malware; [ General information ]

* File length: 7168 bytes.

[ Changes to registry ]
* Sets value "Flags"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1001"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1004"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1200"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1201"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1206"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1400"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1402"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1405"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1406"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1407"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1601"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1604"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1605"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1606"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1607"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3". (1.73 seconds taken)


cheers
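
Added example, not part of the original posts: a short Python check that pulls the Internet-zone (Zones\3) action IDs out of a sandbox report like the one above and shows what each is currently set to in a saved `reg query` of the same key. The sample report excerpt and the `reg query` output are constructed, and treating "Allow" as the state worth reviewing is an assumption of this example.

```python
import re

# Setting values used for zone action IDs (Microsoft's documented meanings).
SETTINGS = {0: "Allow", 1: "Prompt", 3: "Disable"}

# Constructed excerpt in the format of the sandbox report (three of its lines).
REPORT = r'''
* Sets value "Flags"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1001"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1004"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1201"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
'''

# Constructed output of: reg query "HKCU\...\Internet Settings\Zones\3"
REG_OUTPUT = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1001    REG_DWORD    0x0
    1004    REG_DWORD    0x0
    1201    REG_DWORD    0x3
    1400    REG_DWORD    0x0
    1A00    REG_DWORD    0x20000
'''

REPORT_RE = re.compile(
    r'Sets value "([0-9A-Fa-f]{4})"="[^"]*" in key "HKCU\\.*\\Zones\\(\d)"')
REG_RE = re.compile(r'^\s*([0-9A-Fa-f]{4})\s+REG_DWORD\s+0x([0-9A-Fa-f]+)\s*$', re.M)

def touched_actions(report):
    """Return {zone: {action ids}} that the report says were written."""
    out = {}
    for action, zone in REPORT_RE.findall(report):
        out.setdefault(zone, set()).add(action.upper())
    return out

def audit(report, reg_output, zone="3"):
    """Map each touched action ID in the zone to its current setting name."""
    current = {a.upper(): int(v, 16) for a, v in REG_RE.findall(reg_output)}
    ids = touched_actions(report).get(zone, set())
    return {a: SETTINGS.get(current[a], hex(current[a]))
            for a in sorted(ids) if a in current}

def needs_review(report, reg_output, zone="3"):
    """Touched action IDs currently at Allow (review threshold is an assumption)."""
    return [a for a, s in audit(report, reg_output, zone).items() if s == "Allow"]

if __name__ == "__main__":
    for action, setting in audit(REPORT, REG_OUTPUT).items():
        print(f"Zone 3 (Internet) action {action}: {setting}")
    print("Review:", needs_review(REPORT, REG_OUTPUT))
```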

lee16

  • Guest
Re: inf3ct3d.us
« Reply #19 on: February 18, 2005, 11:38:40 PM »
OK, it seems it's malware that avast doesn't detect  :-\

So password protect (zip) the file up with either Winzip or Winrar.
Then email the file to virus@avast.com
In the email mention the password to open the file, and then give them the jotti scan information in your last post (let them know the info is from jotti online scanner).

After this, do an online scan with BitDefender here: http://www.bitdefender.com/scan/licence.php (click 'i agree')

Check/tick all the options down the left side, and when it finds the malware, let BitDefender remove it.

Then your system should be clean  :)

-lee


lucifer

  • Guest
Re: inf3ct3d.us
« Reply #20 on: February 18, 2005, 11:53:49 PM »
Cheers lee, you're an absolute legend ;D

lee16

  • Guest
Re: inf3ct3d.us
« Reply #21 on: February 19, 2005, 12:33:40 PM »
BTW lucifer, I have never heard of a Wi-Fi (wireless network) having problems with SP2. I have seen them working fine on other people's machines which have Wi-Fi and SP2, although I suppose it would come down to the specific hardware.
Did you contact your Wi-Fi manufacturer about this? They should provide the driver themselves.



Quote
Cheers lee, you're an absolute legend

No problem lucifer, and don't forget, Eddy was helping get to the bottom of this as well  :)

--lee