W32.Spybot.Worm - can't remove

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by bennos, Feb 23, 2006.

  1. bennos

    bennos Private First Class

    After performing a full system scan with Norton Internet Security it has come up with a list of the following issues:
    W32.Spybot.Worm
    W32.Alcra.F
    Adware.P2PNetworking...
    and 4 other adware things

    These are the problems I seem to be having with my PC:
    1. Comes up with a Winlog.exe error message on start-up (this is apparently where the W32.Spybot.Worm is found to be infecting). I can't find Winlog.exe anywhere. It is supposed to be in the System32 folder.
    2. Shareaza keeps loading by itself, after closing it down.
    3. Task Manager doesn't work.
    4. I can't run Norton AV, it just doesn't open at all.
    5. A double beeping sound comes on every now and then.

    I have also completed a HijackThis log file but wanted to see if it can be resolved first without posting the attachment here.

    I have been searching the forums here and at other sites for a solution and can't seem to find one that works. I've downloaded spyware/spybot software from forum advice and still nothing works. I'm starting to worry about my information getting into the wrong hands so I'm hoping to resolve this issue ASAP.

    Any help would be greatly appreciated!!

    Ben
     
  2. bennos

    bennos Private First Class

    I've followed the instructions in 'READ & RUN ME FIRST...' but have encountered an issue that stopped me from completing Step 6.

    Bitdefender was not finished. It hangs on 627 files scanned. Waited for up to 20 minutes to see if it moved but there was progress, did this 3 times. The point it gets stuck is in the Spybot_Search and Destroy\Recovery folder
    and I'm pretty certain it is on a file 'GAINgator11.zip' because every time I try to delete it, it comes up with an error message saying that it is being used by another person or program. Because of this I have not carried on with the next scan - Panda ActiveScan.

    What should I do now? Sorry if I come across as a complete beginner but it is exactly what I am when it comes to this, and on top of that I am starting to stress about this.
     
  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Clean out the Spybot backups so that will not happen again. After you do this run the scans again and attach the logs to your next post.
     
  4. bennos

    bennos Private First Class

    OK I can do that... how do I clean out the Spybot backups?
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Run Spybot, click on "Recovery" on the left side and check all of the boxes on the right side. From the top menu click on "Purge items" and this will remove those backups.
     
  6. bennos

    bennos Private First Class

    I have finished performing the steps in 'READ & RUN ME FIRST....'

    Here are my log files as per instructions.
     
    Last edited: May 19, 2007
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download the following two files, create a folder on your desktop, call it TSC. Save these 2 files there.

    Note: They must be in the same directory for it to work properly!

    Sysclean Package

    Pattern.zip

    After you complete the above, locate the file "lpt233.zip", right click to extract the contents to the same directory.

    Once you complete the steps above, REBOOT INTO SAFE MODE!

    Once in Safe Mode double click the file sysclean.com. When the system cleaner loads, click SCAN to start the scanner. After you complete the scan reboot and attach a fresh HJT log along with the Trend SysClean Log.
     
  8. bennos

    bennos Private First Class

    Thanks BJGarrick. I have downloaded what you advised. Before I go ahead and reboot in safe mode, can you tell me what is of concern in the files I attached to my last post?

    Thanks!
    Ben
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Netsky WORM and Gaobot WORM infections. Because these can create many files I would like you to run the Trend SysClean to clean up any leftovers. It seems as if your inbox contains the actual infected files as in attachments.
     
  10. bennos

    bennos Private First Class

    OK finally finished scanning with Trend. Long scanning time for this one (close to 23 hours) but it's all for good reasons!

    Attached is the new HJT log and Trend scan log.
     
    Last edited: May 19, 2007
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The first thing that must be addressed is your AV programs. I see you have AntiVir & Norton installed. Please pick one and uninstall the other as running more than one will cause conflicts.

    Also, please follow the below to relocate your HJT to a safer location.

    Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

    To create a new folder:
    • Click START > My Computer > Local Disk C: > Program Files
    • Now, Right Click on an Empty Area and select New > Folder & name it HijackThis and ENTER
    To Extract HijackThis:
    • Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder (C:\Program Files\HJT) and click Next.

    After you have completed the above steps to relocate HJT, run it from the new location. Please save your HJT log as a .txt file and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.
     
  12. bennos

    bennos Private First Class

    I tried to uninstall Norton but got an error saying it is missing a file and it cannot uninstall because of it, below is the file.
    C:\Program Files\Navnt\navnt.isu

    Is there a way to uninstall without it or can I get this file somewhere else?
     
  13. bennos

    bennos Private First Class

    BTW...
    How can I tell if someone has hacked into my PC?
    Would it be a lot of work (easy for the hacker) hacking into an individual's PC?
    If I have a port forwarded for torrent downloading, can a hacker penetrate into my files/folders through that open port?
     
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    What version of Norton do you have?
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It's tricky when it comes to hacking, when files are deleted, information is stolen, weird things start to happen such as screensavers with your name on them. Hackers don't really mess with PCs because there isn't anything valuable like a business computer or network. That's why they write malware, to do the home computers, LOL!

    As long as you have a firewall, antivirus and windows updates you should be fine.
     
  16. bennos

    bennos Private First Class

    Norton AntiVirus 2000 Version 6.5.2.806.


    I don't really understand but here goes... I bought (upgraded to) Norton Internet Security 2004 which doesn't have any options for antivirus protection. But yet when it updates definitions for other things such as spam and intrusion detection, it also updates the virus definitions - which runs through Antivirus 2000. Here's the thing, I can't open/run the Antivirus 2000 software, nothing happens when I double click on the icon.

    I am OK to uninstall it and use only AntiVir. AntiVir updates its definitions more regularly than Norton.

    Is AntiVir less resource hungry?
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Compared to Norton anything is, I'm not familiar with this particular antivirus as I use AVG AntiVirus. I know that AVG has a smaller footprint than many and does IMO a better job.
     
  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please download Rnav & Rnis.

    These tools will clean up Norton AntiVirus & Norton Internet Security up to version 2003 Professional. These tools will remove everything relating to Norton.

    This tool will clean up any leftovers of Norton AntiVirus. When running this tool it will prompt you when you run it "Would you like to exit now and try this" click NO. Now, Select Norton AntiVirus 2003/Norton AntiVirus 2003 Professional and click OK.

    Note: You will be prompted to reboot when this tool is complete, please do so that settings can be applied.

    If you still have the NIS 04 run the below...

    Download SymNRT, save to your desktop. Double click to run the program, follow the on-screen instructions then REBOOT!
     
