bestweblinks.com

Yep I got this virus. Thanks very much for the assist in removing it that I found at http://forums.majorgeeks.com/showthread.php?t=69600

I just wanted to note that I was actually able to get rid of some of the files without having to use safe mode.

Files below:

C:\WINDOWS\svcproc.exe
C:\WINDOWS\system32\msmsgs.exe
C:\WINDOWS\system32\shnlog.exe
C:\WINDOWS\system32\intmonp.exe
C:\WINDOWS\System32\intmon.exe
C:\Windows\System32\helper.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe
C:\WINDOWS\system32\hp9431.tmp
C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe

Instead of booting to safe mode, I found that I was actually able to rename the files even though I couldn't delete them. Then I just killed the process using HJT and viola now I can delete the file.

Odd that I was able to rename the file (I just put a ` on the end of the file) and didn't get an access denied message. It worked though. I didn't have all of these files on my system by the way, but I had most of them.

Killing the process without renaming the file just regenerated the process immediately. Very irritating.

 

Yes indeed. I am especially thankful for the registry entries to get my desktop back. It freaked me out a little to see that my desktop changed and the display control panel had the background tab completely removed. A very clever virus. Not clever enough though =)