avast keeps popping up with these messages every 5 minutes:
c:\autorun.inf contains sample of ‘bv:autorun-t [wrm]’!
and
d:\autorun.inf contains sample of ‘bv:autorun-t [wrm]’!
i did a full scan with avast and it said there wern’t any threats so how do i stop these messages from appearing
Let your USB drive plugged and run Autorun Eater or Flash Disinfector, allowing them to clean up all drives. They would create hidden folders named autorun.inf in each partition and every USB drive plugged in when you ran it. These folders protect your drives from future infection. After that, reboot your computer.
the virus isn’t from a usb drive though as i havn’t put one in for the last few days and the virus alert onoly started showin up today.
That programs will clean the fixed disks c: and d: (hard disks) also.
I also suggest:
heres the hijackthis log file in the attachment
does anyone see what the problem is from the log file?
Gee you’re impatient.
The Sun Java is down level but that’s not the problem I don’t think.
Go to Add/Remove Programs and un-install all Sun Java installs.
The latest Sun Java is Runtime Environment 1.6.0.14
http://filehippo.com/download_java_runtime
Looks like the system is infected with DNS Changer
O17 - HKLM\System\CCS\Services\Tcpip..{483E6976-B351-4980-B960-E165A697E9D5}: NameServer = 85.255.112.113,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip..{796DECB5-83D9-40CF-850F-D3358EBE12EB}: NameServer = 85.255.112.113,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip..{DD0776BD-5582-4A88-A0E6-56CD9FDCF422}: NameServer = 85.255.112.113,85.255.112.175
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.113,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.113,85.255.112.175
O
ok updated the java.
with that autorun eater program i keep getting the message:
error deleting suspicious autorun.inf file from OS(c:)
what should i do about the DNS changer then?
See my previous response.
Follow the advice given by Tech in 3.
You have a lot of 017 entries registered to Ukraine- very suspicious!
Also using P2P is a very easy way to get your system infected:
Perils of P2P File Sharing
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/305923-perils-p2p-file-sharing.html
what are those ukraine entries and why are they suspicious
Here’s what they are:
http://www.bleepingcomputer.com/tutorials/tutorial42.html#O17Diag
Why are they suspicious?
Because they’re in the Ukraine.
http://voices.washingtonpost.com/securityfix/2008/03/ukranian_cybercrime_boss_leads.html
One of these men is a Ukrainian cyber crime boss and the other is a Ukrainian politician.
:
The only difference I can see is one is on top of the other, but I don’t think that matters. 
:
ok so ive done all the steps in post 3 except secunia which doesnt want to work for me
what should i do now?
now i keep getting this message whenever i open intener explorer or i open a new tab or link. that message is followed by another message saying java has stopped working.
im getting really fed up now >:( >:( >:( >:(
For my curiosity, download rootrepeal, and copy/paste the scan results
http://www.malwarebytes.org/forums/index.php?showtopic=12709
see attachment for rootrepeal file
Sorry, that looks gibberish on my pc. Copy/paste the log in your next post