Nightmare: Trojano & others

Hi everybody, I’m new to this forum so please be gentle!

I’ve spent most of last 4 days in front on my PC trying to uderstand and fix a problem I have with Trojans, I’ve tried almost everything - except formatting the disk, but to no avail, and I would very grateful if you guys can suggest a way to fix my problem.

Launching IE Explorer 6.0, there is a delay of 30 seconds or so and then a page s3xy.bz is displayed and then … lots of messages are displayed in yellow highlight at the bottom of the screen indicating that a virus has been detected in c:\documents and settings\username …" and then Avast starts displaying a number of Trojan found messages.

The Avast log shows:

Sign of “Win32:Trojano-1858 [Trj]” has been found in “C:\dgfgdfgdfb.exe” file

Sign of “Win32:IstBar-AJ [Trj]” has been found in “C:\yspweb.exe” file.

Sign of “Win32:Trojano-1858 [Trj]” has been found in “C:\Documents and Settings\Stevie\Local
Settings\Temporary Internet Files\Content.IE5\Q1GZATKH\blahme[1].exe” file.

Sign of “Win32:IstBar-AJ [Trj]” has been found in “C:\Documents and Settings\Stevie\Local Settings\Temporary Internet Files\Content.IE5\Q1GZATKH\regular_plugin[1].exe” file.

Sign of “JS:Istbar [Trj]” has been found in “http://install.xxxtoolbar.com/ist/scripts/prompt.php?retry=2&loadfirst=1&delayload=0&account_id=153248&recurrence=always&adid=a1119141250&event_type=onload\PxB7” file.

Sign of “Win32:Trojano-1858 [Trj]” has been found in “C:\freecontentz.exe” file.

etc., etc.

After selecting the option recommended by Avast (move to chest) I cannot use IE to connect to internet.

Tried to install Mozilla and same problem

Run full Avast scan both in normal & Safe mode. Sometimes virus are detected and moved to chest. But problem described above occurs again as soon as I launch IE or Mozilla.

I just run hijackthis and trying to make any sense of reported details.

Can you please help?

Thanks

Stevie

PS - now using a friend’s PC

First, did you clean your temporary internet files and disable system restore?
Second, can you on-line scanning this computer, I mean, is it connected to the Internet, can you scan it on-line?

Delete the temporary Internet files: To do this go to Internet explorer >Tools > Internet options > Delete files > Click delete all offline content (just to be sure) > click ok. It might take some time to delete them.

Enable/Disable System restore on Windows ME: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887
Enable/Disable System restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;[LN];310405

You could try on-line scanning and report what you get. See: http://www.mwti.net/antivirus/mwav.asp or http://www.security-ops.tk
Other: TrendMicro Housecall, Bit Defender, F-Secure (ActiveX required).

Hi Tech,

(First) I didn’t clean and disable system restore. Will try tonight

(Second) I’ve been trying to access Symantec for on-line scanning but after the problem occurs double-clicking on IE a blank page is displayed with message indicating that cannot find page / server. When double-clicking on Mozilla a blank page with “Done” on status bar is displayed. In both instances I’m connected to the Internet (ADSL).

I will try again tonight - London time is 13:00 so will try around 21.00 (UK time)

Many thanks