Author Topic: The worst virus i have ever had  (Read 28490 times)


eru

  • Guest
The worst virus i have ever had
« on: November 10, 2007, 01:58:23 PM »
http://img.photoamp.com/pa/07/11/10/YoT1L.JPG
HI

I can see it's on with that very annoying picture below. It is an MSN bot saying "how do i look here" and sending the virus to my MSN contacts. Please help me.
The virus does the same thing to all of someone's contacts. He says "how do i look here" and sends a zipped file; if you unzip and run it, it does the same and the same and the same again. Please help me cure it.. I have avast; I did a scan with AVAST and also with many more ad-aware and professional ad-aware programs and it did not go away. Not even with system restore.
Please tell me how to remove it. I can even see the IPs doing the work via the tray icon but I can't see the messages because they appear only in the people's PCs. >:(
PLEASE HELP :(
« Last Edit: November 10, 2007, 02:00:00 PM by eru »

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: The worst virus i have ever had
« Reply #1 on: November 10, 2007, 02:22:53 PM »
Hi eru,

If avast! can't find it, there are some free scanners you can try.

Look for and remove rootkits (hidden malware):

Panda Antirootkit
Blacklight
AVG Anti-Rootkit

Try a boot time scan with avast! Right click the scanner screen, select 'schedule a boot time scan' and reboot when requested.

Try a scan with DrWeb CureIT!

Try the usual free adware/spyware scanners.

AVG Anti-Spyware Free (Requires Win2k/XP)
Spybot Search & Destroy
SUPERAntiSpywareFree
a-Squared Free

Download, install and update the programs. Disconnect from the internet (pull the plug) before running scans in Safe Mode if possible.

Always select the option to quarantine any malware found rather than delete it, then you will be able to restore files or registry entries wrongly identified as malware - a rare but not unknown event for any malware scanner.

Try some online scans. (Disable avast! while scanning.)

F-Secure
BitDefender
Panda
Trend Micro Housecall

If still having problems, post a HijackThis! log.

Good luck!
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

eru

  • Guest
Re: The worst virus i have ever had
« Reply #2 on: November 10, 2007, 02:46:57 PM »
Thanks, I'll try and post here.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: The worst virus i have ever had
« Reply #3 on: November 10, 2007, 07:29:44 PM »
Quote
Thanks, I'll try and post here.
We'll be here to help 8)
The best things in life are free.

eru

  • Guest
Re: The worst virus i have ever had
« Reply #4 on: November 10, 2007, 08:15:04 PM »
Nothing happened. I tried almost everything you said, except the web based scanners.

Here is my log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:48 µµ, on 10-??e-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\vsnpstd3.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ftzztou.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Morgoth\My Documents\English-Greek and the opposite\POLYLEX.EXE
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe
C:\Program Files\Pinnacle\Studio 11\programs\Watchu.exe
C:\Program Files\Pinnacle\Studio 11\programs\UMI.EXE
C:\Program Files\Pinnacle\Studio 11\programs\RM.EXE
C:\Program Files\Pinnacle\Studio 11\Programs\PinnacleWebPublisher.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trillian\trillian.exe
C:\New Folder\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.divx.com/divx/webplayerdemo/en?rcv=1&dist=divxdotcom
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

eru

  • Guest
Re: The worst virus i have ever had
« Reply #5 on: November 10, 2007, 08:16:13 PM »
THIS IS THE OTHER HALF OF THE LOG:

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [Ulead Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [RevHDD] C:\WINDOWS\SYSTEM\RevHDD.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ftzztou] C:\WINDOWS\system32\ftzztou.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1177238915-1085031214-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Shortcut to IMAGE.lnk = C:\Where dragons lay dead\IMAGE.ccd
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ACC4FB5-C0CB-46D0-B441-D6ECE739AEB3}: NameServer = 194.219.227.2,193.92.150.3
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Print Spooler Service (donoagaagsi) - Unknown owner - C:\WINDOWS\system32\ftzztou.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12580 bytes

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89061
  • No support PMs thanks
Re: The worst virus i have ever had
« Reply #6 on: November 10, 2007, 10:29:29 PM »
You don't appear to have an active firewall; what is your firewall?

Fix (e.g. run HJT, close all windows and tick the box to the left of the entries and click Fix):
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Upload these files to VirusTotal - Multi engine on-line virus scanner and report the findings of these files here. If any are detected by multiple scanners, Fix and send example to avast, see below.

O4 - HKLM\..\Run: [ftzztou] C:\WINDOWS\system32\ftzztou.exe
O23 - Service: Print Spooler Service (donoagaagsi) - Unknown owner - C:\WINDOWS\system32\ftzztou.exe
O4 - HKLM\..\Run: [RevHDD] C:\WINDOWS\SYSTEM\RevHDD.exe (do you know what this is?)
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence (do you know what this is?)

####
Send the sample to virus@avast.com zipped and password protected with the password in email body and undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
####

Is this domain your ISP's? That is what the IP belongs to: forthnet.gr.
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ACC4FB5-C0CB-46D0-B441-D6ECE739AEB3}: NameServer = 194.219.227.2,193.92.150.3

Did you know this? Did you install it?
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
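The triage DavidR applies to the log above (an orphaned BHO, services with no vendor information, and one binary that persists both as a Run entry and as a service) turned into a small script. This is an added example, not anything posted in the thread; the sample lines are a constructed excerpt of the log, and the three rules and their severities are the author's own choice.

```python
import re
from collections import defaultdict

# Constructed excerpt in the shape of the HijackThis log posted in this thread;
# the names, GUIDs and paths are the ones that appear in that log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ftzztou] C:\WINDOWS\system32\ftzztou.exe
O4 - HKLM\..\Run: [RevHDD] C:\WINDOWS\SYSTEM\RevHDD.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Print Spooler Service (donoagaagsi) - Unknown owner - C:\WINDOWS\system32\ftzztou.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
"""

# HijackThis line shapes handled here: O2 (browser helper objects), O4 (Run keys),
# O23 (services). A display name that itself contains " - " would need a stricter split.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

RANK = {"high": 0, "medium": 1, "low": 2}


def image_path(cmd):
    """Normalise a command line to the lowercased path of the .exe it launches."""
    cmd = cmd.strip().strip('"')
    m = re.match(r"^(.*?\.exe)", cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd).lower()


def triage(log_text):
    """Return (severity, log line, reason) tuples, most urgent first.

    high:   a service whose binary is also launched from a Run key, i.e. one file
            with two persistence mechanisms (ftzztou.exe in the thread)
    medium: a service with no vendor information ("Unknown owner"), which is
            what the thread sends to VirusTotal before deciding anything
    low:    a BHO whose DLL no longer exists; harmless, but safe to Fix
    """
    findings = []
    run_lines = defaultdict(list)   # normalised image path -> O4 lines
    services = []                   # (line, owner, normalised image path)
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := O2_RE.match(line):
            if m.group("path").strip() == "(no file)":
                findings.append(("low", line, "orphaned BHO: CLSID registered but no DLL on disk"))
        elif m := O4_RE.match(line):
            run_lines[image_path(m.group("cmd"))].append(line)
        elif m := O23_RE.match(line):
            services.append((line, m.group("owner"), image_path(m.group("path"))))
    for line, owner, img in services:
        if img in run_lines:
            findings.append(("high", line,
                             "service binary also starts from a Run key: " + run_lines[img][0]))
        elif owner.lower() == "unknown owner":
            findings.append(("medium", line, "no vendor info: submit the file to VirusTotal"))
    findings.sort(key=lambda f: RANK[f[0]])
    return findings


if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```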

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: The worst virus i have ever had
« Reply #7 on: November 10, 2007, 10:33:08 PM »
I think you need to try the online scanners.

Please disable 'Hide protected operating system files' and enable 'View Hidden Files and Folders', and upload the above files to VirusTotal for analysis.

C:\WINDOWS\system32\ftzztou.exe

Compare detection on VirusTotal with the free online scanners that remove malware (posted previously) and hopefully one or more will remove this malware, if it is indeed the culprit.

eru

  • Guest
Re: The worst virus i have ever had
« Reply #8 on: November 10, 2007, 11:01:51 PM »
I have a router firewall.

Yes, forthnet.gr is my ISP.

I went to C:\Program Files and a folder named "note burner" does not exist. O.O
(I have "view hidden files" on and system files revealed as you said.)

O23 - Service: Print Spooler Service (donoagaagsi) - Unknown owner - C:\WINDOWS\system32\ftzztou.exe - this one looks like malware; it seems to be a picture but no, it is an application, as you see here:
http://i42.photobucket.com/albums/e310/Morgoth_Bauglir/ssddffg.jpg

-----------------

C:\WINDOWS\SYSTEM\RevHDD.exe -- I do not know what this is, nor did I manage to find it.
Thus I will send only the ones I can find. :(
After sending them, shall I remove the file ftzztou.exe? Will this cure my PC of it?
---------------
C:\WINDOWS\system32\UAService.exe ------- I dunno this one, nor do I recall installing such a file, but then again I can't remember my registries.

For now I'll try the online scanners but I don't think they will help. Also I couldn't do the online scan because of some problem with IE (I use FF but the scanners demand IE).

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: The worst virus i have ever had
« Reply #9 on: November 10, 2007, 11:24:15 PM »
Quote
Please disable 'Hide protected operating system files' and enable 'View Hidden Files and Folders', and upload the above files to VirusTotal for analysis.

C:\WINDOWS\system32\ftzztou.exe

Did you submit the file to VirusTotal? Can you post the result here?

eru

  • Guest
Re: The worst virus i have ever had
« Reply #10 on: November 10, 2007, 11:52:55 PM »
I did, and it's been scanning it for like an hour or more =/

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89061
  • No support PMs thanks
Re: The worst virus i have ever had
« Reply #11 on: November 11, 2007, 12:03:44 AM »
A router firewall won't provide protection against unauthorised outbound Internet connections.

Uploading to VirusTotal the suspect files that were mentioned (the ones you could find) will give us more information; not only that, it is quicker to do than an on-line scan of your system.

Are you sure you are talking about uploading to VirusTotal and not doing an on-line scan?
Sorry if this sounds like an insult to your intelligence, but a VT scan shouldn't take an hour.

The scan of a single file shouldn't take an hour even if it were the max size of 10MB (how big was the file you uploaded?). Are you sure it is actually scanning and not stalled?
There are 31 different scanners and it shouldn't spend a huge time on any one.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: The worst virus i have ever had
« Reply #12 on: November 11, 2007, 12:09:49 AM »
Run HijackThis! again, close all other windows, tick these entries then click 'fix':

O4 - HKLM\..\Run: [ftzztou] C:\WINDOWS\system32\ftzztou.exe

O23 - Service: Print Spooler Service (donoagaagsi) - Unknown owner - C:\WINDOWS\system32\ftzztou.exe

Reboot.

Click on Config, then Misc Tools, and then press the Delete an NT service.. button. Enter 'ftzztou' (without quotes) and press OK.

Then try to submit the file to VirusTotal again and also try the online scans again.

eru

  • Guest
Re: The worst virus i have ever had
« Reply #13 on: November 11, 2007, 12:54:47 AM »
Scanning Report
Sunday, November 11, 2007 00:21:16 - 01:52:32

Computer name: AEON
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 2 malware found
Email-Worm.Win32.Agent.bg (virus)

    * C:\WINDOWS\SYSTEM32\FTZZTOU.EXE (Deleted & Submitted)

W32/Delf.AXSP (virus)

    * C:\PROGRAM FILES\BITCOMET\TOOLS\COMETBROWSER.EXE (Submitted)

eru

  • Guest
Re: The worst virus i have ever had
« Reply #14 on: November 11, 2007, 01:37:44 AM »
I think I am cured finally. Wooh, I thought I'd never get rid of it.. :-[
Thanks a lot.. now I will have second thoughts about accepting files..
If something comes up with the same problem I will post here. Oh btw, what did you mean when you said a firewall of a router is not enough to prevent unauthorized access to my PC? If I had a software firewall and a router firewall then things would be difficult for my web, right?
Have a good day or night, depends on where you are.
« Last Edit: November 11, 2007, 01:39:53 AM by eru »