08-27-2007, 08:11 AM
|
|
If there was a perfect place it would be crowded
|
|
Join Date: Jan 2007
Location: North of the Cow Pasture and South of the Wind Turbines
806 posts, read 788,545 times
Reputation: 2143
|
|
W32.IRCBot
Ok last week one of my machines got infected with the latest release of that worm - so I purchased the new Norton 2007 Security package did a full scan it found the worm but only "partially removed it" huh? So I did another scan it still finds it in 18 registry entries - so I navigate in regedit to where it says it lives, but those entries don't exist. - Symantec's site has removal instructions but they are vague and not applicable to this situation it seems - so I pay for a $10 support call to Symantec - after 30 minutes of explaining the situation - well it never was understood so a waste there.
Then I buy Spywarebot based on another thread here - ok it finds a lot of stuff but still this worm persists - what is happening to the best I can see is someone hijacked that machine and is sending email through something - all I see is the Norton email scanner go up and down in the task bar. I was able to catch it once and saw the email address that it is sending to or from not sure. Some hotmail account. This after spending 60 for Norton and 60 for spy bot.
So now I am totally confused on how to get rid of this thing - it's my wife's computer and she needs to get going. Any ideas would greatly be appreciated!
|
|

08-27-2007, 09:17 AM
|
|
Go climb your family tree
|
|
Join Date: Jan 2007
Location: Leland, NC
3,070 posts, read 2,568,072 times
Reputation: 2786
|
|
Please go to HijackThis and unzip the newest version into a new dedicated folder.
Create a folder on the C: drive called C:\Programs\HJT.
Unzip HijackThis into this folder. Launch HijackThis, then "Do a system scan and save log file".
This will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.
Most things are harmless and needed so don't make any changes.
Then go to ASAP and pick a site from the list on the left side. Go to the forums, sign in as a member and look for the proper security section.
You're likely to get help quicker if you start your own thread. Post a log in a new thread started by you please. Posting a HJT log in someone else's thread gets too confusing and there is a good chance it will get overlooked.
Make sure you post the contents of the text file as a copy and paste...do not attach it as an attachment. Liz
|
|

08-27-2007, 09:22 AM
|
|
If there was a perfect place it would be crowded
|
|
Join Date: Jan 2007
Location: North of the Cow Pasture and South of the Wind Turbines
806 posts, read 788,545 times
Reputation: 2143
|
|
|
Thanks I'll give it a try - weee another day battling the trojans.....
Is there a service that I can shut down temporarily?
|
|

08-27-2007, 05:29 PM
|
|
Is this thing on?
|
|
Join Date: Mar 2007
Location: Between a nook-a-ler reactor and a dump, North Cackalacky
283 posts, read 332,515 times
Reputation: 112
|
|
|
Go to Google.
Type avg in the search bar.
The first non-sponsored link should be Grisoft's AVG, with areas for free downloads. Download the free antivirus, the free antispyware, and if you're feeling frisky get the rootkit too. Run these, then report back.
|
|

08-27-2007, 05:34 PM
|
|
If there was a perfect place it would be crowded
|
|
Join Date: Jan 2007
Location: North of the Cow Pasture and South of the Wind Turbines
806 posts, read 788,545 times
Reputation: 2143
|
|
Quote:
Originally Posted by tee-tee
Go to Google.
Type avg in the search bar.
The first non-sponsored link should be Grisoft's AVG, with areas for free downloads. Download the free antivirus, the free antispyware, and if you're feeling frisky get the rootkit too. Run these, then report back.
|
Thanks got the logs up on the Malware forum as southernlady suggested - and got a response - I am hesitant to download, install anything (which is impossible anyway) until I see what they say - thanks
|
|

08-27-2007, 05:38 PM
|
|
Go climb your family tree
|
|
Join Date: Jan 2007
Location: Leland, NC
3,070 posts, read 2,568,072 times
Reputation: 2786
|
|
Quote:
|
Thanks got the logs up on the Malware forum as southernlady suggested - and got a response - I am hesitant to download, install anything (which is impossible anyway) until I see what they say - thanks
|
We always say, too many cooks spoil the pot. If you have a response, let them do their work. Liz
|
|

08-27-2007, 06:23 PM
|
|
If there was a perfect place it would be crowded
|
|
Join Date: Jan 2007
Location: North of the Cow Pasture and South of the Wind Turbines
806 posts, read 788,545 times
Reputation: 2143
|
|
Thanks great forum - great that people want to help people. I try to do my part. Thanks again SL
|
|

08-28-2007, 06:10 AM
|
|
Is this thing on?
|
|
Join Date: Mar 2007
Location: Between a nook-a-ler reactor and a dump, North Cackalacky
283 posts, read 332,515 times
Reputation: 112
|
|
Quote:
Originally Posted by southernlady5464
We always say, too many cooks spoil the pot. If you have a response, let them do their work. Liz
|
LOL!

|
|

08-28-2007, 09:40 AM
|
|
Go climb your family tree
|
|
Join Date: Jan 2007
Location: Leland, NC
3,070 posts, read 2,568,072 times
Reputation: 2786
|
|
Quote:
|
Then I buy Spywarebot based on another thread here
|
I just realized what you posted there...
I read it but didn't read it, kwim? Spywarebot is adware/spyware. What you wanted was Spybot.
Spybot is FREE. Liz
|
|

09-04-2007, 04:06 PM
|
|
If there was a perfect place it would be crowded
|
|
Join Date: Jan 2007
Location: North of the Cow Pasture and South of the Wind Turbines
806 posts, read 788,545 times
Reputation: 2143
|
|
I award southernlady5464 as senior technology leader for this forum...
Many thanks and many safer than before - nice wake up call and nice ending - again thanks to southernlady5464
Thanks SL
Cow
|