When I try to remove it I get an error telling me that it can not find the file specified. Which honestly I find odd since it told me about it in the first place.
I tried booting into safe mode and running the scan and it finds the same files but instead of telling me that it can not find the file it tells me it does not have permission to access the file.
It appears to be opening up multiple instances of IE running hidden. They show up under processes but you do not see otherwise.
I did some searches online but did not find anything. Right now I have the computer in question unhooked from the internet.
Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spywares and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
Those files appear to be in System Restore and because of that, they would be protected.
You can try this. It will destroy all system restore points but should get rid of the problem.
Disable system restore, reboot the computer, and then activate system restore again.
I would give more detailed instructions but you neglected to mention the OS.
It will not hurt (and might help) to also do the other things that Tech suggested above.
I had already tried disabling the system restore. I have not turned it back on yet I will try that.
Already tried deleting the temp files. Did this when I was in safe mode. No joy on that either.
avast sees the problem just does not seem to be able to do anything about it.
Ran MBAM again it still does not see it though when it started avast gave me a little pop-up at the bottom right telling me it blocked the trojan.
no joy on the file assassin it sees the files but can not delete them. All the other programs as well, they either do not see the two files or see them and are not able to do anything to them.
I went in and gave the administrator extra privileges for the folder and it let me in to delete them but then would not let me because they were in use.
Tried shutting them done in the task manager but will not let me do that.
Tried booting up in safe mode to the command prompt and tried deleting them from there but will not let me because they are in use.
So it seems like I have found a way to get to the two files but because they are loading up as soon as windows does I can not delete them.
I guess I need a way to terminate them and that should let me delete them.
Essexboy is the number 1 qualified malware eliminator here, and we also have oldman, but I haven’t seen much of that user lately, I hope he is fine, also top class for ye, and we have others in the pipeline coming out of the Hogwart Anti-Malware Online Academies,
Hi there this is a new kid on the block - and will require speciallised tools.
A few questions first :
What is the make of your computer i.e. Dell, HP
What is your Operating system Vista or XP ?
Do you have your windows disc ?
Download Bootkit remover to your desktop
This is a rar file if you do not have a programme to open it then download and install Peazip
Extract Remover.exe to your desktop
Right click Remover.exe and select Run as Administrator (if on Vista/7)
It will show a Black screen with some data on it
Right click on the screen and select > Select All
Press Control+C
Open a notepad and press Control+V
It is called after some of the tools they use there at geek2go, all in good humor of course, first there was hjt now they have ComboScript and various other specific script driven cleansing tools, essexboy is the expert there you should ask him,