Crazy AIM Trojan

Discussion in 'Malware Help (A Specialist Will Reply)' started by HaloJedi20, Sep 14, 2005.

  1. HaloJedi20

    HaloJedi20 Private E-2

    I was talking to my friend yesterday and she sent me a file of a picture of her. Well, it seems that it really wasn't her, because I called her and she wasn't even on her computer, which means that her AIM must have been hacked. Anyway, when I opened the file, my AIM started to send out random, blank messages to everyone on my friends list. I am currently running Norton AntiVirus 2004 to find the little bastard. I run Firefox, so I can't do any of the online scans (IE sends me massive pop-ups and more trojans). So I'm confused and not sure.
     
  2. theefool

    theefool Geekified

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps below:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. HaloJedi20

    HaloJedi20 Private E-2

    OK, Here is the update:
    Ran everything I could, but couldn't run the internet tests because running Internet Explorer slows the system down and bombards me with pop-ups. I also couldn't run Spybot because when I ran the update for it to run, it would always freeze.
    Stinger- Nothing
    CCleaner- Nothing (Removed 23.8mbs)
    Adaware- Only found 12 things. Only 1 problem (which is on my second, unused hard drive), but nothing else worth noting.
    Norton AntiVirus 2004- Nothing at all.
    I have been getting some notices from Norton (Norton has like a pop-up warning me if anything is detected). It has detected two files:

    Object Name: C:\Windows\etb\nt_hide65.dll
    Virus Name: Trojan.EliteBar
    Action Taken: Access to the file was denied

    Object Name: C:\Windows\etb\pokapoka65.exe
    Virus Name: Trojan.EliteBar
    Action Taken: Access to the file was denied

    Now, with the actions taken, sometimes it says access to the file was denied, or it will say it was instantly deleted, but last night I kept getting anywhere from 10-18 Norton pop-ups in a row telling me about these viruses; don't know if that has anything to do with it.

    Upon seeing these notifications, I tried to find the folder etb in the Windows folder, but it wasn't there. Tried to make this as detailed as possible for you. Here is the HijackThis file also. Thanks a ton.
     

    Attached Files:

  4. HaloJedi20

    HaloJedi20 Private E-2

    Oh, and when I got home from school today, I received some weird things out of Firefox. It seems to be random right now, but this: file:///c:/DOCUME~1/MATTOL~1/LOCALS~1/Temp/6arab1.html
    keeps interrupting me while online.
     
  5. HaloJedi20

    HaloJedi20 Private E-2

    Now, when I go to check my mail, it seems that Outlook Express can't find an internet connection, even though I'm browsing the internet.
     
  6. HaloJedi20

    HaloJedi20 Private E-2

    Ok, here is an update:
    Got Spybot to run.
    Ran:
    Antivir XP: nothing
    Avast- nothing
    Microsoft Antispyware- nothing
    Pest Patrol- nothing
    Spybot- nothing (only found Firefox cookies)

    Guys, I really need help: every time I reboot my computer my desktop icons are mixed and changed around (I'm running dual screens). I'm fearing for my new computer.
     
  7. theefool

    theefool Geekified

    Sorry for the late post, these past two weeks have been very busy at work. Also, been working afterhours at work also.

    From your log, I see Elite Toolbar, lockx (which is a rootkit), and pokapoka.
    Disconnect from the internet (turn off the cable/dsl/satellite modem or remove your cat5/ethernet cable).
    Reboot into Safe Mode and remove within HijackThis:

    O4 - HKLM\..\Run: [stratas] lockx.exe
    O4 - HKLM\..\Run: [System service67] C:\WINDOWS\etb\pokapoka67.exe
    O4 - HKLM\..\RunServices: [stratas] lockx.exe
    O4 - HKCU\..\Run: [stratas] lockx.exe

    Then click on START, RUN, type in CMD (press enter)

    A black command window should appear. Next press and hold CTRL + Shift + ESC; Windows Task Manager should appear. Within Task Manager, click on explorer, and end the process. When you do this, all your icons and the Start menu will disappear; this is normal.

    Next, go to the black command prompt. Note: If you do not have this, then go to Windows Task Manager, then click on File, Run. Then type in CMD (press enter).

    Next do the following exactly:

    cd\windows (press enter)
    rd /s etb (press enter)
    attrib -r -h -s -a lockx.exe
    erase lockx.exe

    Next type in:

    start explorer

    Windows desktop should reappear.

    Reboot the machine and post a new log (as an attachment).
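
An added illustration, not part of the thread and not HijackThis's own logic: a small Python triage of the O4 autorun entries quoted in the post above. The three heuristics (bare filename with no path, same value registered under several autorun keys, executable in an unusual subfolder of C:\WINDOWS), the `WINDOWS_OK` allowlist and the `ExampleAV` line are assumptions made for this example.

```python
import ntpath
import re
from collections import defaultdict

# O4 lines from the post above; the ExampleAV entry is constructed for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [System service67] C:\WINDOWS\etb\pokapoka67.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe" /min
"""

O4_LINE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|dll))', re.I)
WINDOWS_OK = {"", "system32", "system"}  # assumed allowlist of subfolders


def parse_o4(log):
    """Yield (hive, key, value_name, executable) for each O4 autorun line."""
    for line in log.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            exe = EXE.match(command)
            path = (exe.group(1) or exe.group(2)) if exe else command.split()[0]
            yield hive, key, name, path


def triage(log):
    """Return {value_name: sorted reasons} for entries worth a closer look."""
    seen = defaultdict(set)     # (name, exe) -> autorun keys it appears under
    reasons = defaultdict(set)
    for hive, key, name, exe in parse_o4(log):
        seen[(name, exe.lower())].add(f"{hive}\\{key}")
        folder = ntpath.dirname(exe).lower()
        if not folder:          # bare filename, resolved via the search path
            reasons[name].add("no-path")
        elif (folder + "\\").startswith("c:\\windows\\"):
            sub = folder[len("c:\\windows"):].strip("\\").split("\\")[0]
            if sub not in WINDOWS_OK:
                reasons[name].add("odd-windows-subdir")
    for (name, _), keys in seen.items():
        if len(keys) > 1:       # same value planted under several autorun keys
            reasons[name].add("multi-key")
    return {name: sorted(r) for name, r in reasons.items()}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
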
     
  8. HaloJedi20

    HaloJedi20 Private E-2

    Ok,
    I booted up into safe mode and ran hijack this.
    Deleted O4- HKLM\..\Run:[stratas] lockx.exe
    Deleted O4 - HKLM\..\Run: [System services67] C:\WINDOWS\etb\pokapoka67.exe
    Deleted O4 - HKLM\..\RunServices: [stratas] lockx.exe
    Couldn't find O4 - HKCU\..\Run: [stratas] lockx.exe

    Ran DOS - DOS couldn't find lockx.exe

    There is the log
     

    Attached Files:

  9. HaloJedi20

    HaloJedi20 Private E-2

    As far as I can see, when I pull up AIM, nothing freaky is going on. So, for the most part it worked.
     
  10. theefool

    theefool Geekified

    Okay, everything looks good on my end! I hope everything works out for you!

    I see you are from INDY. Is that short for Indianapolis?
     
