Aim Virus won't go away

Discussion in 'Malware Help (A Specialist Will Reply)' started by jenni7, Feb 19, 2005.

  1. jenni7

    jenni7 Private E-2

    Hi all. I have the aim virus. I have tried the below so far but it comes back once I reboot my station.

    I installed Norton Antivirus and it found two files which I deleted.
    I ran Trend Micro online Antivirus which found three files that I deleted.
    I ran Ad-Aware that found 13 files which I deleted.
    I ran Spybot Search and Destroy and it found one file which was deleted.
    I ran Aimfix from Jayloden which said it fixed it but the virus always comes back. When running this again, it finds nothing.
    I ran all of this in normal mode and safe mode to no avail.

    When I start up my computer, I end task on an MS-DOS window and it stops it, but if I let it go, it brings up an Internet Explorer window titled Trufkz. If I go to My Computer, there are two registry files (kansup.reg and kans.reg), an x.bat file, install.exe, and the Trufkz html page. I can delete them but again, they come back when I reboot. I'm sorry but I can't remember what viruses it found as I ran it hours ago. I can run HijackThis if you want. Just let me know. Thanks!
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. jarcher

    jarcher I can't handle a title

    This also may help (not first).
    Do the stickies first.

    AIM Fix
     
  4. jenni7

    jenni7 Private E-2

    I tried the AIM Fixer and it didn't work. I also tried everything on the read me first page to no avail. I attached my Hijack This file.
     


  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please print out these instructions so that you can operate with All Browser Windows CLOSED.
    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

    Now, look in Task Manager (Ctrl-Alt-Del) for the following running process and, if you see it, try to END it:

    NormanAntivirus.exe



    Now scan with HijackThis and Check the Boxes for the following:

    Again, make sure All Browser Windows are Closed when you Click FIX.


    O4 - HKLM\..\Run: [Norman Antivirus] NORMANANTIVIRUS.EXE

    O4 - HKCU\..\Run: [console] C:\WINDOWS\System32\console.exe

    O4 - HKCU\..\RunOnce: [Norman Antivirus] NORMANANTIVIRUS.EXE

    O15 - Trusted Zone: http://www.jayloden.com

    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

    O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab

    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab



    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following if they should remain:


    C:\WINDOWS\SYSTEM32\NormanAntivirus.exe

    C:\WINDOWS\System32\console.exe

    c:\counter.cab



    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.


    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows and Scan with HijackThis and attach that log.
    Let me know of any problems you may have encountered with the above instructions and how your computer is running now.

    Good Luck!:)
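
The files kept returning after each reboot because of the O4 Run/RunOnce autostart entries listed above, so the follow-up HijackThis log is what confirms the fix held. The sketch below is an added example, not part of the original thread or of HijackThis: it parses log lines in the format shown above and reports any fix-list entry still present in a later log. `FIX_LIST` is a subset of the entries from the post; `SAMPLE_LOG` and its `ExampleApp` entry are constructed.

```python
import re

# Subset of the lines the helper asked to be fixed, copied from the post above.
FIX_LIST = r"""
O4 - HKLM\..\Run: [Norman Antivirus] NORMANANTIVIRUS.EXE
O4 - HKCU\..\Run: [console] C:\WINDOWS\System32\console.exe
O4 - HKCU\..\RunOnce: [Norman Antivirus] NORMANANTIVIRUS.EXE
O15 - Trusted Zone: http://www.jayloden.com
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
"""

# Constructed follow-up log (not from the thread): one entry survived the fix,
# and ExampleApp is a made-up benign autostart.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe
O4 - HKCU\..\RunOnce:  [Norman Antivirus]  normanantivirus.exe
"""

ENTRY = re.compile(r"^(O\d+)\s+-\s+(.*)$")
AUTOSTART = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*):\s*\[(.*?)\]\s*(.*)$")

def normalise(line):
    # Collapse whitespace and case so cosmetic differences do not hide a match.
    return " ".join(line.split()).lower()

def entries(log_text):
    """Yield (section, detail) for every HijackThis result line in a log."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), " ".join(m.group(2).split())

def autostarts(log_text):
    """Return (hive, key, name, command) for each O4 registry autostart."""
    hits = (AUTOSTART.match(d) for s, d in entries(log_text) if s == "O4")
    return [m.groups() for m in hits if m]

def still_present(fix_list, log_text):
    """Return the fix-list entries that a later log still contains."""
    seen = {normalise(f"{s} - {d}") for s, d in entries(log_text)}
    return [f"{s} - {d}" for s, d in entries(fix_list)
            if normalise(f"{s} - {d}") in seen]

if __name__ == "__main__":
    for hive, key, name, cmd in autostarts(SAMPLE_LOG):
        print(f"autostart {hive}\\{key}: {name} -> {cmd}")
    print("still present:", still_present(FIX_LIST, SAMPLE_LOG))
```

An empty result from `still_present` corresponds to the "log is clean" outcome for the listed entries; it says nothing about entries that were never on the fix list.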
     
  6. jenni7

    jenni7 Private E-2

    Yay! That worked. Thanks!
     


  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log is clean! Are you currently experiencing any problems?

    Also, I notice you're still running Windows XP Service Pack 1. If possible, I would recommend updating your operating system to the latest service packs and security fixes from Microsoft.

    Microsoft Windows Updates!
     
