Trojan?

Hello!

I use P4 (3gig), 1G RAM, ATi X600 - XP Pro SP2, protected with ZoneAlarm & Avast4home. I browse with Opera, mail client is Thunderbird. Worked fine till yesterday.

Yesterday my Thunderbird stopped working, after many:
“Win32:Small-EK [Trj]” has been found in “http://85.255.117.124/users/rainy/web/images/logo.jpg”
It will not start; however, it runs in the background and uses 95% of CPU. There were also some stupid bookmarks in IE: viagra, rolex…
Also my e-banking application has the same symptoms as Thunderbird.
I tried some programs:
Avast4home stops on zonelabs folder
Panda activescan stops on desktop.ini
Spybot S&D stops on sober
Panda quickremover stops on zpy.dll
I cannot install Adware - installation hangs.
:cry:
Sorry for my poor English & HELP! PLEASE!

Regards from Slovenija,
Robert

The location of the virus is shown as an internet URL; this means that the Web Shield intercepted it before it was saved to your browser cache. The only option given would have been to ‘abort the connection,’ effectively stopping it being saved to your hard disk.

So that particular virus shouldn’t be on your system; however, I have no idea if there is anything else.

You can also schedule a boot-time scan from within avast: right-click the avast icon, select Start avast! Antivirus, Menu, ‘Schedule boot-time scan…’

Panda’s on-line active scan creates a folder ‘activescan’ and installs virus signature files in your windows\system32 folder. These aren’t encrypted; these files will be detected in future avast scans. Something to remember. Perhaps best to remove Panda’s active scan completely and use another on-line scanner as a back-up: On-line Virus Scanners and other useful Links (Security-Ops.eu.tt).

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode: Ewido anti-spyware. Hopefully at some point you will be able to install AdAware.

Hi Ro!

You could check the following:
Manual TrojanDownloader.Win32.Small.ek removal:
Kill process manage.exe
Delete file manage.exe

And this info:
http://www.sophos.com/virusinfo/analyses/trojsmallek.html

That is all,

polonus

Hi!

@polonus:
I have no process manage.exe running.

@DavidR:
Ewido hangs also, at file system.ini.

One more thing:
My explorer.exe (process) uses some 98% of CPU!!

Any ideas?

I’m at a loss as to what else to suggest as your system seems very compromised.

Have you run a boot-time scan with avast?
Did you run Ewido from safe mode?

:slight_smile: Hi Robert:

 That "85.255.117.124" I believe is from a major spyware
 company and most likely you should be asking for help on
 the forums of your antiSPYWARE Provider.
 However, a Google "search" revealed a similar post as
 yours by a "crestasoul" who said they had Kaspersky
 which they are unsure if it was COMPLETELY removed from
 their computer!?
 And if you have the latest version (6.5) of Zone Alarm, it
 has been causing problems for many Users, causing some
 to go back to an earlier version, such as 6.1 or 5.5.

Hi!

After some undo actions made with HijackThis, I am being bothered by:
Adan-094, 078
Small-EK
Also found Trojano-1269 on my HD

Ewido found this:
Trojan.DNSChanger.ek
Downloader.Agent.uj

Somewhere on the net I found some wareout fix tool. Since then I can open my Windows folder.
Before this fix this was not possible.

Hijack also finds some exe files in Windows/system32. They change name after each reboot (at the moment: yydsz.exe).

@DavidR
Have you run a boot-time scan with avast? - yes
Did you run Ewido from safe mode? - yes

HEY!
Thunderbird and the e-bank application are running! Could this wareout fix have repaired it?
However, I still have the problems posted above.