We are working on my PC, give me 10 minutes and i'll just hop onto my PC and post the log thing you were speaking about.

Here you go Joe.... this is from my PC

That looks clean to me. Can you also post the Smitfraud log?

What are the symptoms of the virus attack? What do you see of it , or what app is detecting it ect?

Lets try an online Panda AV scan from here:

http://www.pandasoftware.com/products/activescan

And when done , please post the log from it.

Well its weird because before you made me do that killing the infection thing there was a round circle flashing in the bottom right hand corner of my desktop telling me i had some worm virus, now theres absoloutely nothing and my computer seems to be running fine.

Here are some results from the panda scan....

Incident Status Location
Adware:adware/emediacodec Not disinfected c:\program files\Media-Codec
Potentially unwanted tool:application/thespyguard Not disinfected hkey_current_user\software\microsoft\windows\shell noroam\muicache\C:\Program Files\SpyGuard\SpyGuard_Monitor.exe
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Legal User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar .jar-2583f9fa-46b9e63d.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Legal User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar .jar-2583f9fa-46b9e63d.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Legal User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar .jar-2583f9fa-46b9e63d.zip[VerifierBug.class]
Virus:Trj/Lowzones.SE Disinfected C:\Documents and Settings\Legal User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar .jar-2583f9fa-46b9e63d.zip[web.exe]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Legal User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar .jar-2583f9fa-46b9e63d.zip[Worker.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Legal User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar .jar-2583f9fa-46b9e63d.zip[Xeyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Legal User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar .jar-5a0ba3cf-5e6a423f.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Legal User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar .jar-5a0ba3cf-5e6a423f.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Legal User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar .jar-5a0ba3cf-5e6a423f.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Legal User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar .jar-5a0ba3cf-5e6a423f.zip[Worker.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Legal User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar .jar-5a0ba3cf-5e6a423f.zip[Xeyond.class]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Legal User\Cookies\cookie.txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Legal User\Cookies\legal user@112.2o7[2].txt
Spyware:Cookie/66.246.209 Not disinfected C:\Documents and Settings\Legal User\Cookies\legal user@66.246.209[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Legal User\Cookies\legal user@ad.sensismediasmart.com[1].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Legal User\Cookies\legal user@anm.co[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Legal User\Cookies\legal user@ccbill[1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Legal User\Cookies\legal user@kinghost[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Legal User\Cookies\legal user@microsofteup.112.2o7[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Legal User\Cookies\legal user@searchportal.information[2].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Legal User\Cookies\legal user@xmts[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Legal User\Cookies\legal user@yadro[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Legal User\Cookies\legal_user@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Legal User\Cookies\legal_user@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Legal User\Cookies\legal_user@questionmarket[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Legal User\Cookies\legal_user@statse.webtrendslive[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Legal User\Cookies\legal_user@tribalfusion[1].txt
Spyware:Cookie/SecurityError Not disinfected C:\Documents and Settings\Legal User\Cookies\legal_user@www.safetyuptodate[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Legal User\Desktop\SmitfraudFix\SmitfraudFix\Process.exe

Ah , i see. That should have been taken care of by the smitfraud fix. I thought you already had run that earlier.
But to check if that did its job indeed , can you post the log from it?


Also click on Start->Control Panel->Java Plug-in and click on the Cache tab. Then click on the Clear button and hit OK.
If you have Java 1.5, do this instead. Start->Control Panel->Java->Then on the "general" tap below "Temporary Internet Files" click on "Delete Files.." and click OK , and OK.

Thanks for the help Joe. I'll be unavailable till Thursday so would appreciate that you take over some of the logs. Thanks.

Thanks for your help so far Joe.

If theres no 'flashing' icon in the bottom right hand corner of my desktop does that mean i'm clear of the virus i had?