#1
01-30-2008
pveal
Bronze Member
Join Date: Jan 2008
Posts: 6
PC Experience: Some Experience
[Fixed] pain in the NSAnti

Firstly, thanks a lot for the clear instructions.

I was transferring work on a removable drive from a computer at work, then the alerts started.
AVG alerts me that NSAnti has been found... win/32 NSAnti local/temp/wmy2.dll and also more recently "iesoo.dll trojan horse psw.onlinegames.2QQ"... I choose the option to put in vault. The alert appears again either on boot up or during a session.

Thanks. I attached a SUPERAntiSpyware log and a HijackThis log.
Attached Files
File Type: log hijackthis.log (4.9 KB, 1 views)
File Type: log SUPERAntiSpyware Scan Log - 01-31-2008 - 01-54-35.log (620 Bytes, 0 views)


#2
01-30-2008
valis
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,608
PC Experience: PC Illiterate
Re: pain in the NSAnti

Hello pveal, and welcome to the forums... you've definitely got something that takes a bigger hammer to look at. Please follow the below steps:

Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

thanks,

v


__________________

M.C.S.A.
M.C.P.
- MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall

#3
01-31-2008
pveal
Bronze Member
Join Date: Jan 2008
Posts: 6
PC Experience: Some Experience
Re: pain in the NSAnti

Hello Valis, thanks for the advice. I ran combofix as instructed and also hijackthis. I attached combofix log and new hijackthis log.

Thank you.
Attached Files
File Type: txt hijackthis new log.txt (4.7 KB, 3 views)
File Type: txt combofix log.txt (7.6 KB, 3 views)



Last edited by pveal; 01-31-2008 at 02:44 AM. Reason: didn't attach

#4
01-31-2008
valis
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,608
PC Experience: PC Illiterate
Re: pain in the NSAnti

File fix:

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:
KillAll::
File::
C:\WINDOWS\system32\ieso0.dll
C:\WINDOWS\system32\fool0.dll
C:\WINDOWS\system32\kxvo.exe
C:\ytmb.bat


Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Restart your computer.
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*



#5
01-31-2008
pveal
Bronze Member
Join Date: Jan 2008
Posts: 6
PC Experience: Some Experience
Re: pain in the NSAnti

Hello Valis,

Just did all as instructed above, and thanks again for the clarity. Attached combofix log and HJT fresh log.
Attached Files
File Type: txt hijackthis log new 2.txt (4.8 KB, 2 views)
File Type: txt ComboFix.txt (8.1 KB, 1 views)


#6
01-31-2008
valis
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,608
PC Experience: PC Illiterate
Re: pain in the NSAnti

First, please right-click on Start, and choose Explore. Click on Tools, Folder Options, and then View. Make sure that there is a tick next to Display contents of System Folders, Show Hidden Files and Folders is selected, and Hide known file extensions is not selected. Now close Explorer.


Then, go to Online malware scan and upload the following files by clicking on the 'browse' button at the top of the page and navigating to the below files. Please post the results in your next post.



C:\800dost.com



Thanks,

v



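The CFScript.txt quoted in post #4 names the files ComboFix is asked to delete. The following is an added example, not part of the thread and not ComboFix's own code: it parses that script and records the size and SHA-256 of each listed file that is still present, so a record of what was removed survives the cleanup. The `Name::` section layout is an assumption inferred only from the script shown in the thread.

```python
import hashlib
import ntpath
import os

# Script text as quoted in post #4 of this thread.
CFSCRIPT = r"""KillAll::
File::
C:\WINDOWS\system32\ieso0.dll
C:\WINDOWS\system32\fool0.dll
C:\WINDOWS\system32\kxvo.exe
C:\ytmb.bat
"""

def parse_cfscript(text):
    """Group entries under the 'Name::' line that precedes them.
    Assumption: layout inferred from the script in the thread, nothing more."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def inventory(sections):
    """One record per File:: target: path, absolute-drive check, presence, size, hash."""
    records = []
    for path in sections.get("File", []):
        drive, rest = ntpath.splitdrive(path)
        rec = {"path": path, "absolute": bool(drive) and rest.startswith("\\"),
               "present": os.path.isfile(path), "size": None, "sha256": None}
        if rec["present"]:
            rec["size"], rec["sha256"] = os.path.getsize(path), sha256_of(path)
        records.append(rec)
    return records

if __name__ == "__main__":
    for rec in inventory(parse_cfscript(CFSCRIPT)):
        print(rec)
```

Run it before dragging CFScript.txt onto ComboFix.exe and keep the output with the logs; an entry that is not an absolute drive path is worth questioning before anything is deleted.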
All times are GMT +1.