Were these 19000 files many different viruses, Trojans, worms, spyware, adware etc. or many files containing the same malware? Was the computer clean before the attack?
What is your operating system and firewall?
Here are some free scanners you can try. Download, install and update, then go off line and run scans with all of them. When you have finished, please post a HijackThis! log for us to look at:
If you find many instances of malware with each scanner, I would suggest backing up your files and reinstalling you OS/system recovery disc, especially if you’re finding Trojan backdoors, worms etc.
Don’t forget to update your system if you do reinstall.
Thanx for the ultra fast reply! Unfortunately, without a mouse I’m not that fast… and scanning 700 000 files a couple of times takes a while. It’s all done now and I’ve posted the Hijackthis-log.
I’m running XP and use windows firewall and zonealarm.
Well… The virus runs a lot of svchost… I think - but I haven’t figured out exactly what it does right now (before it replicated itself to 19000 files, mainly setup.exe in my upload-folder and system restore folder).
My mouse is dead and I don’t know if the cleaning killed the mouse driver… or something…
That’s what I was guessing, so if you have another mouse from a different manufacturer maybe there would be a functioning driver for that one still on your computer. It won’t solve the underlying problem but might make the process easier.
Well… I downloaded and reinstalled the mousedrivers and it still doesn’t work. Sometimes when I reboot, the mouse works for a few secs and then it freezes. That’s why I suspect a virus process that’s shutting it down… I’m looking for an old mouse now (Geez it’s annoying to browse the web with the keyboard)
FreewheelinFrank - I could not see the full name or paths of the files because of the small window… but some names except the setup.exe was; wmidext.dll, def.dat and install.sss
When I run Avast now it detects 74 files and the comment “could not scan” hmmm… and I can’t do anything with them.
Should STOP thinking "virus"; you have something a lot worse than a "virus". Other than Avast
and an unnamed firewall, what other security programs do you have on your computer ?
And those 74 "could not scan" are most likely answered at
http://www.avast.com/eng/faq-other-questions.html
where it says : "Q: When the file scanning is finished, avast! comes up with a number of files listed as "unable to scan", even though I have used a thorough scan. Should I be concerned?
A: Some files are permanently locked by the system or they are in password-protected archives. These files cannot be scanned. It is normal and you don´t have to be worried about that. "
Well, I use zonealarm… and the windows firewall. Besides that… nothing? I use the adAware, Hijackthis and other small programs frequently. Before I changed my internet-provider I never had any probs…
nervous worse than virus???
Someone found a backdoor and uses my computer???
But the mouse prob is funny - it is working for a few secs, then the hourglass pops up next to the pionter and it freezes… driving me crazy.
Spiritsongs, if you have some insight please share it but let’s not cause undue worry.
@ Krazypal - after running the scans mentioned by FreewheelingFrank please post the hjt log he suggested. Toss in an F-Secure Blacklight scan while you’re at it
Did the Blacklight but it didn’t find anything… I’ll post my Hijackthis log here if it helps… There must be a process that’s shutting my mouse down - because it works for those few secs after rebooting.
Logfile of HijackThis v1.99.1
Scan saved at 11:22:03, on 2007-02-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
I can’t see anything in the log, but wmidext.dll looks like it might be an adware infection, maybe NSIS. Have you run Ad-Aware and Spybot? I’ve seen Spybot clean up an NSIS infection recently, so that might be work a try.
Have you seen any pop-up ads.
I’ll post again later when I have time to do a bit more research.
When you say the wrong driver, was it ipoint.exe that you removed? That’s the one that seems to be a problem driver for many people, and this really does seem more like a driver conflict than malware imho. You have no other symptoms other than mouse problems now, right?
Yes the mouse is a my problem now. A funny thing happened when I changed the msconfig - removed the EMU (soundcard controlpanel) from startup. When I rebooted the mouse worked but suddenly it got a life of its own. Randomly moving and clicking around. The start → program opened. I thought I was hijacked so I pulled the line and rebooted. Now it’s back to what it was before - dead mouse.
Don’t know what happened when I changed the msconfig…
Maxthon is running from an unusual location. Did you change the default location to D:\Program 1\Internet\Maxthon\Maxthon.exe on purpose when you installed it?
Did notice from your HJT log that your Sun Java is 2-3 Updates behind, a somewhat serious
security risk . If possible, should uninstall it ASAP; the latest for your XP SP2 OS is at
www.majorgeeks.com/download4648.html .
And since you use Zone Alarm as your firewall, the built-in one in XP SP2 has hopefully been
disabled !? If not, do so .