my computer has just gotten infected with a virus and Zonealarm had found it but apparently it cannot quarantine it nor delete it so it is going rampant on my computer. the virus is: Trojan.Win32.BHO.whc . it has even left a permanent logo on the bottom of my screen (blue and white shield) with my other program logos which I cannot remove

I get numerous popups from a fake security program, as well as mulitple IE windows being automatically opened and forwarded to pornorgraphic sites and fake security system sites. I get so many of these popups and interuptions that its hard to manage even coming here to type but Im desperate so I hope you can help.

I'm only an intermediate with computers so the high tech stuff is way over my head, but I hope we can work on fixing this problem somehow.

other aliases that have come up are:

not-a-virus:AdWare.Win32.BHO.gkp

Trojan-Downloader.Win32.Fraudload.vxko

Hello Tech-tension, welcome back to the forum!

If you could click the prework link in my signature, follow all the instructions and then post back the requested logs - then our security team can assess them for you and advise you on what course of action needs be taken

We have a fantastic security team here and I am sure they will get your PC up and running again!

Regards,

Smokeycheech

I haven't been able to get past step one in the prework. the virus stops me from downloading the programs that are needed before they are finished, and I don't even understand how to unzip a file. now, it is able to replace websites with a fake IE warning that the site is unsafe, I had to try three times just to get here. by the time I ever figure out all the prework, my computer will be toast I'm not sure what to do at this point

You will need to download ComboFix.exe. Download Combofix from any of the links below. You must rename it before saving it. Name it ComFx, and Save it to your desktop.You may have to download it on another computer and transfer it to yours if the malware is still blocking it.


http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe


* IMPORTANT !!! Save ComboFix.exe to your Desktop
It is important that it is saved and renamed following this process directly to your desktop**


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. More help on your specific AV here: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double click on ComFx.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.
When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.

Caution.....
Never use this program to remove files.Only use it with help from an experienced user.Wrongful use can damage your computer.

thanks for your reply..

last night I got desperate and downloaded a new malware removal program, and after it finished I have'nt had any problems or popups on my computer, everything seems to be running as normal. I will add the logs here, even though I know it was not the program you suggested. I'm hoping my problem has been completely solved but I will keep your information on hand in case I need it, you guys are really helpful and I appreciate all your assistance, this site is invaluable.....

logs:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3
03/11/2009 10:48:31 PM
mbam-log-2009-11-03 (22-48-31).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 197699
Time elapsed: 4 hour(s), 40 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 5
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{c277b942-1f68-486b-8f95-6e486a13f148} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c277b942-1f68-486b-8f95-6e486a13f148} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransp orterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransp orterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\setup.player (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WinPC AntiVirus (Rogue.WinPCAntiVirus) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\System Tool (Fake.SystemTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\System Tool (Fake.SystemTool) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\SYSTEM32\iehelper.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jenine\Application Data\asd.bat (Rogue.WinPCDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\iapgqt\xscvsysguard.exe (Fake.SystemTool) -> Delete on reboot.

Its best if you carry on with Combofix to be sure its clean.