Infected with: Win32:NcaseSpy [Trj]

[ak44ak]

My computer has been plagued with viruses recently, one of them being the Win32:NcaseSpy [Trj]...Avast is unable to delete it or repair it and moving to chest produces no results either! What am I to do?
Im using Win XP..Avast is uptodate and have zone alarm free edition running.
Oh yea and my computers infected with the blaster worm or one of the variants as well and I cant remove that either.
Please HELP

[whocares]

Hi,

please use the board search above first to read up on the existing advice for Blaster and Ncase

Blaster: Use avast Cleaner and then apply the necessary Patches, plus ALL Windowsupdates

Ncase: Where exactly was it found ? (Full path/folder/filename: see avast's report/Logs)
try removing it with avast in SafeMode(F8-Boot) and use spybot and ad-aware

[ak44ak]

The path is as follows:
C:\WINDOWS\GTBGJT.exe.tmp
And no matter which option I select it dosent remove the virus..I got the AVAST virus removal utility and ran a full scan and it dosent even detect a single virus.
Running HIJACKTHIS! previously revealed that my file called MSNE.EXE was infected and I never got around to cleanin it up...next thing I know more and more viruses are entering the system every other day. However many were caught and removed but some have entered the system it seems.

I have already patched up Win XP with all the latest updates available yet I am havin this problem...the only update thats currently available for me to get from windows site is new drivers for my cable modem thats about it - nothing else.

Thanks I will check out the Blaster Worm removal posts..thank you..Any further help will be appretiated kindly.

[whocares]

Hi,

do you mean maybe:
MSNET.EXE ?
-> http://www.sysinfo.org/startuplist.php?filter=MSNE&count=&type=

NCASE:
use the other scanners mentioned in the Board:
- Trend, RAV, KAV
- Spybot, Ad-Aware, cwshredder

if you can't resolve the Issue with all those, report their findings and maybe post a hijackthis log here

[ak44ak]

No the file is MSNE.EXE alright and the ONLY way I can tell it has a virus is cos it cant be deleted or attatched to e-mail..when i try and attatch it, Yahoo mail says "file cannot be attatched, virus detected" thats all.
Thanks for the help..I got rid of every one of the viruses except this MSNE.EXE file one...the guys at HIJACKTHIS wanted me to send them that file, but I cant cos it wont get attatched...so for now, it seems im safe lol.
Thanks again for everything and heres a rose for ya >> @};-

[whocares]

Hi,
boot Windows in SafeMode (F8-Boot) and then copy msne.exe to a new empty folder.
reboot normally, and scan this copy with the above onlinescanners and maybe send it to
virus (at) asw (dot) cz

in a password-protected zipfile; including the zip-password, a description & this link in the mailtext

[ak44ak]

Hey I finally got the virus ...but ptoblem is I still cant remove it!!!
It is called:
W32.HLLW.Gaobot.gen
And has infected the C:\WINDOWS\SYSTEM23\msne.exe file.
I am trying desperately to download a removal tool for that specific virus from the symantec website but its not downloading and thats really annoying.
Oh by the way it was Norton Antivirus that finally got the little bugger....but since it has been detected it has strangely become ultra active and my firewall keeps alerting me (for the first time ever) that its trying to communicate and asking fro access and file has changed and also strangely my MSN messenger which I never use and have it disabled has started asking for access too. Currently I am just gonna attempt to remove it manually if the removal tool dosent download. Symantec ives a lot of steps to do it manually so wish me luck!!

[whocares]

I wonder if this special tool for generic detections will clean up everything, as there are hundreds of variants for it..
( it loads alrigth here, though..)

follow symantec's advice, or use TrendScan & Trends instructions
 

most of these GAOBOTs have backdoor functionality, and it was active on your PC, so:
- do thorough scans with several scanners (maybe even Kaspersky trial), check your Startups
- secure your system better and
- change all passwords/PINs/etc. that you used/entered on this PC

Further details on procedure everywhere in the board