Thanks in advance for you time...but my computer has all of a sudden gone
very slow in it operations. I have run my virus software (AVG free version)
as well as ad aware for spam and have found nothing. I checked the speed of
my cable signal and it is around 3000 which is very fast. I rebooted my
cable modem and got rid of all the internet files and it made no difference.
Interesting when I try to log out i get this message that i must close all
files otherwise I will lose the information. SO I have to click on something
to close down my computer. THis is wierd because I have no known files
running. IS all this a sign that there is a problem with a worm or virus? HOw
do I find out what is going on especially since my software for viruses does
not show anything. I Have had this problem before where the anti-virus
software does not show a worm.....any suggestions you have would be most
appreciated...
thanks...
--
writer

writer wrote:

> Thanks in advance for you time...but my computer has all of a sudden
> gone very slow in it operations. I have run my virus software (AVG
> free version) as well as ad aware for spam and have found nothing. I
> checked the speed of
> my cable signal and it is around 3000 which is very fast. I rebooted
> my cable modem and got rid of all the internet files and it made no
> difference. Interesting when I try to log out i get this message that
> i must close all files otherwise I will lose the information. SO I
> have to click on something to close down my computer. THis is wierd
> because I have no known files running. IS all this a sign that there
> is a problem with a worm or virus? HOw do I find out what is going on
> especially since my software for viruses does
> not show anything. I Have had this problem before where the
> anti-virus software does not show a worm.....any suggestions you have
> would be most appreciated...
> thanks...

Here are general malware removal steps:
http://www.elephantboycomputers.com/...moving_Malware

However, your problem might have nothing to do with malware. Check to
make sure your drives are using a DMA mode and not PIO. Here is a link
that explains that:

http://www.michna.com/kb/WxDMA.htm

And here are some general "slow computer" troubleshooting steps:

http://www3.telus.net/dandemar/slowcom.htm
http://aumha.org/a/health.htm - Take Out the Trash (section 4)

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

From: "writer" <writer@discussions.microsoft.com>

| Thanks in advance for you time...but my computer has all of a sudden gone
| very slow in it operations. I have run my virus software (AVG free version)
| as well as ad aware for spam and have found nothing. I checked the speed of
| my cable signal and it is around 3000 which is very fast. I rebooted my
| cable modem and got rid of all the internet files and it made no difference.
| Interesting when I try to log out i get this message that i must close all
| files otherwise I will lose the information. SO I have to click on something
| to close down my computer. THis is wierd because I have no known files
| running. IS all this a sign that there is a problem with a worm or virus? HOw
| do I find out what is going on especially since my software for viruses does
| not show anything. I Have had this problem before where the anti-virus
| software does not show a worm.....any suggestions you have would be most
| appreciated...
| thanks...
| --
| writer


For non-viral malware...

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

* SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon
http://www.definitivesolutions.com/bhodemon.htm

For viral malware...

* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

(Thanks for your help....but I was unable to run the diagnostics for PIO as
it does not seem to work in my computer. When I went to the click on the plus
sign to the left of IDE ATA/ATAPI Controller, double-click on the secondary
IDE channel, click on Extended Settings and check whether it is set to DMA
when available....I did not fiind anything that resembles that problem.

INstead I click on the IDE ATA/ATAPI I get two lines that say the same thing
and are identical.... NVIdia N force 3 250 parrallel ATA (V2.6)...when I
click on one of these and then click on the secondary CHannel...all it says
is that it lets BIOS select transfer mode...it says nothing about DMA OR
IDE....so this artilce does not help me very well.....what did I do wrong or
what can I do to check whether my computer is in IDE or DMA mode...

thanks.... I did run the Micorsoft program and it discovered nothing in spy
ware....

thanks for you time...

writer
--
writer


"Malke" wrote:

> writer wrote:
>
> > Thanks in advance for you time...but my computer has all of a sudden
> > gone very slow in it operations. I have run my virus software (AVG
> > free version) as well as ad aware for spam and have found nothing. I
> > checked the speed of
> > my cable signal and it is around 3000 which is very fast. I rebooted
> > my cable modem and got rid of all the internet files and it made no
> > difference. Interesting when I try to log out i get this message that
> > i must close all files otherwise I will lose the information. SO I
> > have to click on something to close down my computer. THis is wierd
> > because I have no known files running. IS all this a sign that there
> > is a problem with a worm or virus? HOw do I find out what is going on
> > especially since my software for viruses does
> > not show anything. I Have had this problem before where the
> > anti-virus software does not show a worm.....any suggestions you have
> > would be most appreciated...
> > thanks...
>
> Here are general malware removal steps:
> http://www.elephantboycomputers.com/...moving_Malware
>
> However, your problem might have nothing to do with malware. Check to
> make sure your drives are using a DMA mode and not PIO. Here is a link
> that explains that:
>
> http://www.michna.com/kb/WxDMA.htm
>
> And here are some general "slow computer" troubleshooting steps:
>
> http://www3.telus.net/dandemar/slowcom.htm
> http://aumha.org/a/health.htm - Take Out the Trash (section 4)
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
>

thanks for your time....I already had run my ad aware software but realized
after you posted that my spy bot was version 1.3 so it took me a while to up
date to 1.4 (becuase my computer is so slow) .... And that one also did not
find any thing...in short my computer is completly void of spam...which is
wierd...usually it has some spam....I do not know how to do them in the safe
mode....so was unable to do this.

the next section was DHO demon and he is out of commission right now because
of a fire.

The next section is multi av exe and I was unable to unzip this file because
evidently I do not have win zip on my comuter. NOt sure if I have to buy this
program or what....but please advise whether this program is worth the
money..... I am sorry for my inexpertease in computer work.....(spelling
intentional)....lol....I will try what you suggest but capability is another
thing....

The next
--
writer


"David H. Lipman" wrote:

> From: "writer" <writer@discussions.microsoft.com>
>
> | Thanks in advance for you time...but my computer has all of a sudden gone
> | very slow in it operations. I have run my virus software (AVG free version)
> | as well as ad aware for spam and have found nothing. I checked the speed of
> | my cable signal and it is around 3000 which is very fast. I rebooted my
> | cable modem and got rid of all the internet files and it made no difference.
> | Interesting when I try to log out i get this message that i must close all
> | files otherwise I will lose the information. SO I have to click on something
> | to close down my computer. THis is wierd because I have no known files
> | running. IS all this a sign that there is a problem with a worm or virus? HOw
> | do I find out what is going on especially since my software for viruses does
> | not show anything. I Have had this problem before where the anti-virus
> | software does not show a worm.....any suggestions you have would be most
> | appreciated...
> | thanks...
> | --
> | writer
>
>
> For non-viral malware...
>
> Please download, install and update the following software...
>
> * Ad-aware SE v1.06
> http://www.lavasoft.de/
> http://www.lavasoftusa.com/
>
> * SpyBot Search and Destroy v1.4
> http://security.kolla.de/
>
> After the software is updated, I suggest scanning the system in Safe Mode.
>
> I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
> that may be on the PC.
>
> * BHODemon
> http://www.definitivesolutions.com/bhodemon.htm
>
> For viral malware...
>
> * Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file. http://www.ik-cs.com/multi-av.htm
>
>
> * * * Please report back your results * * *
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

From: "writer" <writer@discussions.microsoft.com>

| thanks for your time....I already had run my ad aware software but realized
| after you posted that my spy bot was version 1.3 so it took me a while to up
| date to 1.4 (becuase my computer is so slow) .... And that one also did not
| find any thing...in short my computer is completly void of spam...which is
| wierd...usually it has some spam....I do not know how to do them in the safe
| mode....so was unable to do this.
|
| the next section was DHO demon and he is out of commission right now because
| of a fire.
|
| The next section is multi av exe and I was unable to unzip this file because
| evidently I do not have win zip on my comuter. NOt sure if I have to buy this
| program or what....but please advise whether this program is worth the
| money..... I am sorry for my inexpertease in computer work.....(spelling
| intentional)....lol....I will try what you suggest but capability is another
| thing....
|
| The next

BHODemon's author is out-of-commission. NOT the software. It still can be downloaded and
used, there just won't be new updates.

http://www.majorgeeks.com/downloadge...4332b4b8b8442d

The Multi AV Scanning Tool Multi_AV.exe does NOT need WinZIP. It is a self-extracting ZIP
file.

Just perform the following directions....

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Dear David...

wow...I ran McAfee and it took over 3 hours and it found over 21 things that
it got rid of...that makes no sense since I have AVG (the free variety) and
AD aware...and spy bot. I have the log of what it got rid of....but it also
included a trojan. I am now scanning with Trend Micro but not sure I can stay
up another 3 hours...

I do not know how to scan in safe mode can you please tell me how to do that
because how do you access files in safe mode?

....but it looks like I have cleared out alot of stuff...how many of these
should I do? This is very tedius...and also I am wondering why there is a
trojan with the firewall I have from windows xp running....?

You have been a very big help so far...should I copy down what you sent to
me to try incase this happens again? I was never able to figure out how to
run the execute file that you wanted me to run? How does one run such a file?
I had to find the file on my hard drive and then click on start...that seemed
to work. Do I need to reboot after each run I have with group...so should I
have run McAfee and then rebooted and then run Trend micro?

hopefully you have some time to answer these questions...and still not
sure how to do safe mode... here is my log...
--
writer
Scanning C: []
Scanning C:\*.*
C:\Program Files\Common
Files\Real\WeatherBug\MiniBugTransporter.dll\00017 b68.EXE ... Found
potentially unwanted program Downloader-AGT.
The file or process has been deleted.
The archive has been deleted.
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCP.cpl ... Found
potentially unwanted program Viewpoint.
The file or process has been deleted.
C:\WINDOWS\cpbrkpie.ocx ... Found potentially unwanted program CouponBar.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1015.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1018.dll ... Found
potentially unwanted program Adware-GAIN.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1018.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1018.dll ... Found
potentially unwanted program Adware-GAIN.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1018.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1019.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1018.dll ... Found
potentially unwanted program Adware-GAIN.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1018.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1019.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1018.dll ... Found
potentially unwanted program Adware-GAIN.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1018.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1019.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\HDPlugin1019.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\HDPlugin1019.inf ... Found potentially
unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\WUInst.inf ... Found potentially
unwanted program Adware-SaveNow.
The file or process has been deleted.
C:\WINDOWS\system32\NDrv.dll ... Found potentially unwanted program
Adware-PurityScan.
The file or process has been deleted.
C:\WINDOWS\system32\service\services.exe\services. exe ... Found the
PWS-Banker.gen.p trojan !!!
The file or process has been deleted.

Summary report on C:\*.*
File(s)
Total files: ........... 381262
Clean: ................. 380452
Possibly Infected: ..... 1
Cleaned: ............... 0
Deleted: ............... 21
Non-critical Error(s): 2
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0


Time: 03:43.44



"David H. Lipman" wrote:

> From: "writer" <writer@discussions.microsoft.com>
>
> | thanks for your time....I already had run my ad aware software but realized
> | after you posted that my spy bot was version 1.3 so it took me a while to up
> | date to 1.4 (becuase my computer is so slow) .... And that one also did not
> | find any thing...in short my computer is completly void of spam...which is
> | wierd...usually it has some spam....I do not know how to do them in the safe
> | mode....so was unable to do this.
> |
> | the next section was DHO demon and he is out of commission right now because
> | of a fire.
> |
> | The next section is multi av exe and I was unable to unzip this file because
> | evidently I do not have win zip on my comuter. NOt sure if I have to buy this
> | program or what....but please advise whether this program is worth the
> | money..... I am sorry for my inexpertease in computer work.....(spelling
> | intentional)....lol....I will try what you suggest but capability is another
> | thing....
> |
> | The next
>
> BHODemon's author is out-of-commission. NOT the software. It still can be downloaded and
> used, there just won't be new updates.
>
> http://www.majorgeeks.com/downloadge...4332b4b8b8442d
>
> The Multi AV Scanning Tool Multi_AV.exe does NOT need WinZIP. It is a self-extracting ZIP
> file.
>
> Just perform the following directions....
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file. http://www.ik-cs.com/multi-av.htm
>
>
> * * * Please report back your results * * *
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

Go to this site and download BootSafe:
http://www.superadblocker.com/bootsafe.html Freeware and simple. Install
it and use it to boot to safe mode. When booted in safe mode, just run the
programs David suggested as you would normally run any program.

--
***
NEVER download files from anywhere unless it is from the website of the
developer, manufacturer or some entity that you trust. Developer websites
ALWAYS have the most up to date files that haven't been tampered with by
some third party who is "hosting" (read Leeching or Stealing) those files
without permission. Never open email attachments from people you don't
know. It's called Safe Hex.
***

"writer" <writer@discussions.microsoft.com> wrote in message
news:171DD413-4AC6-4830-A5EC-06F9721DDEC0@microsoft.com...
> Dear David...
>
> wow...I ran McAfee and it took over 3 hours and it found over 21 things
> that
> it got rid of...that makes no sense since I have AVG (the free variety)
> and
> AD aware...and spy bot. I have the log of what it got rid of....but it
> also
> included a trojan. I am now scanning with Trend Micro but not sure I can
> stay
> up another 3 hours...
>
> I do not know how to scan in safe mode can you please tell me how to do
> that
> because how do you access files in safe mode?
>
> ...but it looks like I have cleared out alot of stuff...how many of these
> should I do? This is very tedius...and also I am wondering why there is a
> trojan with the firewall I have from windows xp running....?
>
> You have been a very big help so far...should I copy down what you sent to
> me to try incase this happens again? I was never able to figure out how to
> run the execute file that you wanted me to run? How does one run such a
> file?
> I had to find the file on my hard drive and then click on start...that
> seemed
> to work. Do I need to reboot after each run I have with group...so should
> I
> have run McAfee and then rebooted and then run Trend micro?
>
> hopefully you have some time to answer these questions...and still not
> sure how to do safe mode... here is my log...
> --
> writer
> Scanning C: []

<SNIP>

From: "writer" <writer@discussions.microsoft.com>

| Dear David...
|
| wow...I ran McAfee and it took over 3 hours and it found over 21 things that
| it got rid of...that makes no sense since I have AVG (the free variety) and
| AD aware...and spy bot. I have the log of what it got rid of....but it also
| included a trojan. I am now scanning with Trend Micro but not sure I can stay
| up another 3 hours...
|
| I do not know how to scan in safe mode can you please tell me how to do that
| because how do you access files in safe mode?
|
| ...but it looks like I have cleared out alot of stuff...how many of these
| should I do? This is very tedius...and also I am wondering why there is a
| trojan with the firewall I have from windows xp running....?
|
| You have been a very big help so far...should I copy down what you sent to
| me to try incase this happens again? I was never able to figure out how to
| run the execute file that you wanted me to run? How does one run such a file?
| I had to find the file on my hard drive and then click on start...that seemed
| to work. Do I need to reboot after each run I have with group...so should I
| have run McAfee and then rebooted and then run Trend micro?
|
| hopefully you have some time to answer these questions...and still not
| sure how to do safe mode... here is my log...

Fitz as given you good follow-up directions so I'll just answer the other parts.

Are you saying you already had Ad-aware SE v1.06 and SpyBot S&D v1.4 ?

Earlier versions such Ad0-aware 6 and SpyBot S&D v1.3 should be replaced and updated the the
latest versions.

I am sorry that it takes so long but these tools are agressive and highly effective as the
McAfee HTML Log file indicates. It is far better to prevent the to fix. And you are seeing
both the side effect consequences and time consequences of poor prevention.

No one software does everthing. Your *best* defense will always be Safe Hex practices. If
you don't you chance being infected will the malware thay you have. When you are, you have
to use a myriad of tools to remove it all.

http://www.claymania.com/safe-hex.html

What was found on your PC was not good. Gain software such as Gator are know adware/spyware
and Gain makes *many* more.

However, what was also found was "Downloader-AGT" and what's worse, "PWS-Banker.gen.p
trojan".

The first is a Dowbloader Trojan that goes out and automatically downloads other malware.

PWS-Banker.gen.p trojan -- http://vil.nai.com/vil/content/v_132640.htm

http://vil.nai.com/vil/content/v_103059.htm

"Password Stealers may steal data from the hard drive.

This data might include:

CD Keys for various games
credit card details
your local username/password

It may also log keystrokes for login details for banking applications, for example while
Internet Explorer is open and connected to specific websites"



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

once your system is clean, dont forget to run scandisk and then defrag your
drive. As the file structure fragements with files being written to and
deleted from the drive the systme performance gets abysmal. Open IE then go
to tools->internet options click on delete files(this will empty the
internet cache and clear up drive room(as windows gets low on space the
performance drops dramaticaly) you may also what to, on that same page,
click delete cookies.

Jon
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:O$lXCwkAGHA.2356@tk2msftngp13.phx.gbl...
> From: "writer" <writer@discussions.microsoft.com>
>
> | Dear David...
> |
> | wow...I ran McAfee and it took over 3 hours and it found over 21 things
> that
> | it got rid of...that makes no sense since I have AVG (the free variety)
> and
> | AD aware...and spy bot. I have the log of what it got rid of....but it
> also
> | included a trojan. I am now scanning with Trend Micro but not sure I can
> stay
> | up another 3 hours...
> |
> | I do not know how to scan in safe mode can you please tell me how to do
> that
> | because how do you access files in safe mode?
> |
> | ...but it looks like I have cleared out alot of stuff...how many of
> these
> | should I do? This is very tedius...and also I am wondering why there is
> a
> | trojan with the firewall I have from windows xp running....?
> |
> | You have been a very big help so far...should I copy down what you sent
> to
> | me to try incase this happens again? I was never able to figure out how
> to
> | run the execute file that you wanted me to run? How does one run such a
> file?
> | I had to find the file on my hard drive and then click on start...that
> seemed
> | to work. Do I need to reboot after each run I have with group...so
> should I
> | have run McAfee and then rebooted and then run Trend micro?
> |
> | hopefully you have some time to answer these questions...and still not
> | sure how to do safe mode... here is my log...
>
> Fitz as given you good follow-up directions so I'll just answer the other
> parts.
>
> Are you saying you already had Ad-aware SE v1.06 and SpyBot S&D v1.4 ?
>
> Earlier versions such Ad0-aware 6 and SpyBot S&D v1.3 should be replaced
> and updated the the
> latest versions.
>
> I am sorry that it takes so long but these tools are agressive and highly
> effective as the
> McAfee HTML Log file indicates. It is far better to prevent the to fix.
> And you are seeing
> both the side effect consequences and time consequences of poor
> prevention.
>
> No one software does everthing. Your *best* defense will always be Safe
> Hex practices. If
> you don't you chance being infected will the malware thay you have. When
> you are, you have
> to use a myriad of tools to remove it all.
>
> http://www.claymania.com/safe-hex.html
>
> What was found on your PC was not good. Gain software such as Gator are
> know adware/spyware
> and Gain makes *many* more.
>
> However, what was also found was "Downloader-AGT" and what's worse,
> "PWS-Banker.gen.p
> trojan".
>
> The first is a Dowbloader Trojan that goes out and automatically downloads
> other malware.
>
> PWS-Banker.gen.p trojan -- http://vil.nai.com/vil/content/v_132640.htm
>
> http://vil.nai.com/vil/content/v_103059.htm
>
> "Password Stealers may steal data from the hard drive.
>
> This data might include:
>
> CD Keys for various games
> credit card details
> your local username/password
>
> It may also log keystrokes for login details for banking applications, for
> example while
> Internet Explorer is open and connected to specific websites"
>
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>