I ran a Trend Micro Housecall scan last night on both PC's in the house. On one, as well as numerous vulnerabilities in Microsoft Office, it also picked up this & on the other PC, it picked it up also. As requested by me Trend Micro disinfected. It classified this as greyware & a low threat. This AM, thought what the heck, & decided to run it again, picked it up again, both PC's. Now i have researched this thing & there is lots of talk about it but nowhere that I have found so far do they mention that it is a repeater, how you track it down or even how to remove it yourself. So here I am, any thoughts, ideas, etc?

Before anybody asks the expected question, the answer is "NO".

11446

Did you try the Bustrace (http://www.bustrace.com) program Chewy has been posting.I think it will do what your asking :)

http://www.viruslist.com/en/viruses/encyclopedia?virusid=41735

keylogger trojan, probably part of a package

download trojanhunter, update it, you'll need a heuristic scanner
disconnect from internet, if you can't boot back into windows then you have the worst one ever

run scan(deep) from windows, if it finds anything repeat from safe mode

The good news is I plugged 4 vulnerabilities in Microsoft Office, the bad news is this thing keeps coming back even after numerous housecall scans & removal which is the only thing that picks it up. Windows live, Symantec, Mcafee site advisor, System Suite 6 anti-virus & anti-spyware, Avg free, & ClamWin Free anti-virus, even ran Trend Micro SysClean package in safe mode, none of them pick it up. Tried to buy TrojanHunter online, that nightmare I don't want to talk about. So I have been fighting this thing since last night & early this AM & I am right back at square one.

http://www.misec.net/forum/board/TrojanHunter/1157392159

it's free for 30 days

I used the free trial up a while ago Chewy, that's why I tried to buy it online. I was going to buy it for both PC's.

http://www.emsisoft.com/en/software/free/


I wouldn't order anything online from the infected computer

Thanks Chewy, but all scans come back zero, nada, zilch. From what I get this thing is mostly spyware but I could be delirious by now, who knows. BTW, according to Trend, who are the only ones that see this, both computers have it.

Here is another setting but they never show you what files & an info pic.

11458

11459

Just an update, it looks like this is coming down to a conflict between Trend Micro online & System Suite. Found out by accident, do a scan, have to come back & repair System Suite. Nothing else whatsoever picks this up & trust me I have ran a lot of scans with lots of different programs.

Well make sure your computer is not attached to a phone line. If you are on dial-up (which I doubt) then go for the scrub.

Now try to get the exact name of the virus or a file that it is called.

Then google that virus name with 100 returns.

In one of those returns, it will talk about regedit fixes and others.

If it is really crafty, it will not allow you to delete it.

That is where "Unlocker" comes in handy. Run unlocker through the infected file and delete it. If unlocker is unable, it will tell you to reboot and it will do it automatically. You may have to do this several times so bookmark the site where you got the instructions from so you can easily find it when you reboot.

I am talking from experience with Virusburst.
Gary

Also turn off system restore so that it doesn't come back that way.

Thanks guys.