crypt? Thunderbird not working

Discussion in 'Malware Help (A Specialist Will Reply)' started by Blank_Stare, May 13, 2010.

  1. Blank_Stare

    Blank_Stare Private E-2

    Win 2k sp4
    Mozilla Thunderbird version 2.0.0.24 (20100228)

    My brain is burned.

    Thunderbird started acting funny a couple of days ago, going real slow, etc. Yesterday, it locked up, but not completely. I can scroll through the multiple accounts that I use it for, and I can delete mail, but I can no longer open email, nor will it download any new email. It just endlessly asks for my 12 passwords, that it refuses to keep in memory.

    AVG finds Crypt buried deep in the Thunderbird directories, but even though it tries to remove/quarantine, it does not succeed.

    I have been running the malware removal guide processes for almost 7 hours now. I am close to losing my mind.

    Please don't instruct me to those guides again, unless you can tell me specifically what I missed or did wrong in the last 7 hours. I am not sure that I can retain my sanity for another pass...

    Here's a diary of what I did while following the malware removal guide...

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Removed Java Entirely
    reinstall Java
    update AVG
    empty virus vault
    empty recycle bin
    Run Ccleaner in default settings
    32 bit (win 2k)
    set hidden files and extensions to be visible
    I do not have MSConfig
    uninstall malware via add/remove - none
    installed defogger, and disabled CD Emulation - I was not asked to reboot.
    terminated teatimer at the task manager.
    disabled teatimer, and unchecked all the misc locks
    reboot
    d/l superantispyware.exe to "open" folder
    d/l mbam-setup-1.46.exe to "open" folder
    renamed to mb.exe
    D/l Combofix.exe to "open" folder
    moved to desktop
    d/l rootrepeal.zip
    Download mgtools.exe
    AVG Quarantined it.
    Restored it to the C drive
    disabled AVG with Winpatrol
    ~~~~~~~~~~~~~~~
    Install SAS
    Configure SAS
    Run SAS
    remove and quarantine adware and spyware
    (did not find crypt in the thunderbird folders)
    Run Combofix
    Lots of stuff removed...
    Saved log to desktop as Combofixlog.txt
    firefox not connecting to internet.
    MB will not execute - missing some DLL's.
    Ran Combofix again, thinking that might help - it didn't
    Saved log to desktop as Combofixlog2.txt - can no longer find it
    reinstalled firefox - firefox working again.
    mb still will not run - reinstalling
    MB wants a DLL that it can not find
    MGTools will not allow me to run it, as it claims that access to the specified path or file is denied. Mind you, I can move it, or delete it, but I can not execute it.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Pretty sure I ran RootRepeal, but do not see it in this diary where it should appear - also can not find a folder. Does not show in add/remove programs.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Logs from the process that I could generate, are attached...
    I was unable to create MegaBytes or MGTools Logs.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Thank you in advance for your assistance,

    Blank_Stare
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your problems with Thunderbird may not be due to malware.

    As stated in the procedures, nothing should be run multiple times. We only want you to run scans once and then attach the logs.

    You need to give exact word for word details of any error messages.

    Again, please provide exact details.

    Was the C:\MGtools folder created? If yes, what happens if you navigate to that folder and double click on GetLogs.bat? Does it start the scans? Make sure that AVG and WinPatrol are shutdown to avoid problems.
     
  3. Blank_Stare

    Blank_Stare Private E-2

    OK, if not malware, what else might it be? AVG claims it is the Crypt virus?

    OK, I screwed up when I ran it twice - it was a long, frustrating way to spend my day. What should I do to correct that mistake?

    Ok, I'll try to record that .DLL name, next (?) time I run it.

    As I recall, it listed many, including the root drive folder. Should I try again?

    The MGTools folder is empty. There is nothing in it now. I can not find getlogs.bat on my harddrive, using a complete search of the harddrive. MGTools.exe has also disappeared from my drive - I am baffled.

    What do I do? Start over from scratch, and run every one of the procedures again?:cry

    Thanks for helping,

    ~ Blank_Stare
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What might what be? Are you asking about why you are having a problem with Thunderbird? If so, ask in the Software Forum. If you are wondering about what AVG is finding, we have no idea since you did not post a log. It may or may not be valid. However, if it is a detection in email databases, then you will have to manually clean them up. Also, if AVG deleted something required by Thunderbird to run, then you will have to undo what AVG did.

    Nothing.

    That would be the only way we would have the correct info to decide what the next steps would be; however, this is not likely to be a malware problem.

    Not a mystery! This more than likely means that you did not disable AVG and it stopped MGtools from running properly and deleted the file. This was stated in the instructions for using MGtools.

    You could disable AVG and then try downloading and running MGtools again but it is not likely that we will find any malware problems since it does not appear that you are having any other than some miscellaneous detection by AVG which may or may not be valid.
     
  5. Blank_Stare

    Blank_Stare Private E-2

    Wow, I guess I really blew it.

    I'm sorry I screwed up, and I am sorry I wasted your time. If you are still willing to assist me, I will do my best to better follow the instructions.

    Thunderbird is not acting correctly, and AVG finds the Crypt Trojan Horse in a password subfolder of Thunderbird. (I can get the exact address, but it sounds like that is not relevant.)

    I am unclear of how to proceed from here. Should I restart the entire process, or start somewhere in the middle? Am I asking for help in the wrong place? Since I apparently have a trojan, I thought asking for help here made sense.

    Sorry, but I just am not clear on how to move forward. Please advise me.

    Thank you for your patience.
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Malware detected in email databases has to be cleaned up by you. You have a few choices:

    1. delete the whole file which is not an option you normally want to use
    2. load the email folder that contains the infection and delete ALL unnecessary emails (hoping to remove the problem email) and then use the Mailbox Cleanup option to delete all old emails. Then compact the Outlook database to permanently remove data. See http://support.microsoft.com/kb/196990 If you do not clean up and compact the databases, the deleted emails may still be leaving hidden information in the database that you just cannot see but a scanner may still pick up on it.
    3. create a new folder and move only emails you really need into the new folder and then delete the infected folder.

    Unless malware is found on your machine then we cannot help you here in this forum. You can post in software for further assistance if you wish, and unless you are experiencing anything other than bad files being found in the email account then there is no need for you to run all the scans again.
     
  7. Blank_Stare

    Blank_Stare Private E-2

    1. File, or folder? I wish I could figure out exactly which newmsg### file is the email to delete.

    2. I use Thunderbird, not Outlook. I am guessing that the T-Bird site has a forum for the same sort of process.

    3. This might be do-able, thanks. I'll see if I can isolate which folder it is, and delete that folder. Since I (used to) receive email from 12 different accounts to this one client, it may be more like a fishing expedition...but it sounds like my best option, at this point.

    I'll report back next week. I am going to be swamped this week, and all weekend, but I should have a chance to go "fishing" first part of next week.

    Thanks,
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes your best bet would be to post at the Mozilla forums :)
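
Added example, not part of the thread and not MajorGeeks or Mozilla code: a read-only Python sketch of the point made above about deleted mail staying in the database until it is compacted, applied to Thunderbird's mbox folder files, and of how to find which message carries a flagged attachment. The mbox content is constructed, and the 0x0008 "expunged" bit in `X-Mozilla-Status` is the flag Thunderbird sets on a deleted message that has not yet been compacted away.

```python
import hashlib
import mailbox
import pathlib
import tempfile

EXPUNGED = 0x0008  # X-Mozilla-Status bit: deleted in the UI, not yet compacted away
# Constructed sample in Thunderbird's mbox layout; the second message was "deleted".
SAMPLE = b"""From - Thu May 13 10:00:00 2010
X-Mozilla-Status: 0001
Subject: Meeting notes

See you Friday.

From - Thu May 13 10:05:00 2010
X-Mozilla-Status: 0009
Subject: Invoice
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="sample.bin"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXI=
--B--
"""

def audit_mbox(path):
    """List each attachment in an mbox file, flagging deleted-but-uncompacted mail."""
    findings = []
    box = mailbox.mbox(str(path), create=False)
    for key, msg in box.items():
        status = int(msg.get("X-Mozilla-Status", "0"), 16)
        for part in msg.walk():
            if part.get_filename():
                data = part.get_payload(decode=True) or b""
                findings.append({"index": key, "subject": msg.get("Subject", ""),
                                 "attachment": part.get_filename(),
                                 "sha256": hashlib.sha256(data).hexdigest(),
                                 "expunged": bool(status & EXPUNGED)})
    box.close()
    return findings

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = pathlib.Path(d, "Inbox")
        path.write_bytes(SAMPLE)
        return audit_mbox(path)

print(demo())
```

Run `audit_mbox` on a copy of the folder file with Thunderbird closed; an entry with `expunged` set to `True` is a message that no longer shows in the folder but is still in the file a scanner reads.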
     
