/EEQQ Serious worm spyware/hijacker infection 160 instances and infected desktop

I have an IE logo on my desktop which launched to this address http://www.sfc006.com/?Activex

The file originated from a removable disk on my USB. I am a teacher and picking up viruses is day to day. I haven’t been at school for a week, and expected the disk to be free. This wasn’t the case, it had become re-infected (somehow) and I inadvertently clicked on one of the .exe’s disguised as folders.

Screen filled with error messages as the virus shut processes down and turned the computer off.
Re-booted, failed the first two times. Third time, I managed to close down most of the processes with procexp.exe before it went mental and shut everything down again.

Ran an AVAST scan, which identified some of the problems.
Then ScanSpyware, which discovered 160 malware type infections.

The IE logo remains on my desktop. It cannot be deleted. It has a left-click menu with the following options:

How do I remove this logo and ensure my system is back to normal?

http://farm8.staticflickr.com/7009/6497965597_a03f303a14.jpg


ScanSpyware 3.9 (Build 2.2)

Files attached.

Hello there,

ScanSpyware is a FAKE AV aka Rogue. Rogue security software, also known as “scareware,” is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure users into participating in fraudulent transactions.
Follow these steps:
1) Download and install MalwareBytes Anti Malware from here:
http://www.malwarebytes.org/
2) Install
3) Update
4) I repeat, UPDATE. Do NOT forget it.
5) Do a quick scan
6) Post the log.

Hi folks,

I took the URL given in the first posting. Make it non-click-through please.
I scanned it through Wepawet, see:
http://wepawet.iseclab.org/view.php?hash=7247d6715a214e96d1e91ed9ba8c6487&t=1323702633&type=js
In that analysis found:
link src="-http://hzs23.cnzz.com/stat.htm?id=3461763&r=&lg=undefined&ntime=0.82333500
a Trojan Downloader Win32 Small not a virus …Chinese adware…

polonus

Right…

I removed Malwarebytes. As an LSP, it was interfering with iTunes.
But.
Here is the file you requested.

Your log says “No Action Taken” … you need to click the “Remove Selected” button after the scan to quarantine the infections… did you do that?

Hi, you have quite a few AVG drivers still running. I would recommend that you use the AVG removal tool: http://www.avg.com/ww-en/utilities

There are also some proxy settings - did you do those?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
FF - prefs.js..browser.search.defaultenginename: "Web Search"
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ajkxppwsqw.lnk = File not found
O27 - HKLM IFEO\360sd.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\360sdrun.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\799d.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntiU.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ArSwp.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ArSwp2.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ArSwp3.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\AST.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\atpup.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\AvU3Launcher.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\DSMain.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\filmst.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\irsetup.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\jisu.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\knsd.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\knsdave.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\knsdtray.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\KSWebShield.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\KWSMain.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\kwstray.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\KWSUpd.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\pfserver.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\qheart.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\QQDoctorRtp.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\QQPCMgr.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\QQPCRTP.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\QQPCSmashFile.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\QQPCTray.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\qsetup.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ravcopy.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\rsnetsvr.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\RsTray.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\rstrui.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ScanFrm.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ScanU3.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\SREngPS.EXE: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\stormii.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\sxgame.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\tmp.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\upiea.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\USBCleaner.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\wbapp.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\XDelBox.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\zhudongfangyu.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\zjb.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
[2011/12/11 17:23:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\qonacuqjdx
[2011/12/11 17:23:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kydutfxnnk

:Files
ipconfig /flushdns /c
c:\documents and settings\toshiba\my documents\downloads\u
c:\documents and settings\toshiba\my documents\downloads\u999
c:\documents and settings\toshiba\favorites&çí·×íøö·µ¼º½&.url

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
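
An added example, not part of any post in this thread: a small Python parser for the O27 lines in the fix above, which groups Image File Execution Options (IFEO) entries by their Debugger target so a follow-up OTL log can be checked for leftovers. The function names and the threshold of 3 are assumptions made for illustration; the sample lines are excerpted from the fix script.

```python
import re
from collections import defaultdict

# OTL reports IFEO entries as:
#   O27 - HKLM IFEO\<image>: Debugger - <path> (<vendor>)
O27_RE = re.compile(
    r"^O27 - (?P<hive>HK\w+) IFEO\\(?P<image>[^:]+): Debugger - "
    r"(?P<debugger>.+?)(?: \((?P<vendor>[^()]*)\))?\s*$"
)

# Lines excerpted from the fix script in the thread above.
SAMPLE_LOG = r"""
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ajkxppwsqw.lnk = File not found
O27 - HKLM IFEO\360sd.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\QQPCTray.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\rstrui.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\USBCleaner.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
"""


def parse_ifeo(log_text):
    """Return [(image, debugger_path)] for every O27 IFEO Debugger line."""
    entries = []
    for line in log_text.splitlines():
        m = O27_RE.match(line.strip())
        if m:
            entries.append((m["image"], m["debugger"]))
    return entries


def shared_debuggers(entries, threshold=3):
    """Group images by Debugger target (case-insensitive path).

    Windows starts the Debugger value in place of the named image, so many
    unrelated images sharing one target means those programs cannot launch.
    The threshold is an assumed cut-off, not an OTL setting.
    """
    by_target = defaultdict(list)
    for image, debugger in entries:
        by_target[debugger.lower()].append(image)
    return {
        target: sorted(images, key=str.lower)
        for target, images in by_target.items()
        if len(images) >= threshold
    }


if __name__ == "__main__":
    for target, images in shared_debuggers(parse_ifeo(SAMPLE_LOG)).items():
        print(f"{len(images)} images redirected to {target}: {', '.join(images)}")
```

Run against the Quick Scan log requested in the last step, an empty result from `shared_debuggers` indicates the O27 entries were removed.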