Help! I cannot remove this Trojan.downloader!

This morning, I downloaded and ran all of the following, per the instructions provided on this web site: ad-aware(with plug-in), ccleaner, spywareblaster, stinger, aboutbuster, hsremove, cwshredder, spybot, kill2me. There were no problems running anything, I did what I was supposed to in safe mode, etc.

However, I still cannot get rid of the virus on my computer. Symantec will delete a trojan downloader, but it always seem to comes back. I also get error messages involving media.exe and ipc.exe, and when i go online, a new browser will often start-up, pointed to, i believe, a planetnana website.

If I post a Hijack This log, can someone assist me in removing the problem? Thanks in advance!

Nathan

 

have you tried turnining system restore off before scanning (if your using XP)?

 

sorry, to be clear, i did turn off system restore; i then shut down via the start menu, and rebooted in safe mode, and ran Trend Micro's Scan and Symantec Security Check (both for viruses and the security check). I then ran stinger, and then Ccleaner, Ad-Aware and Spybot, CWShredder, Kill2Me, about:Buster, HSRemove. I did, however, just realize I did not do the alternate scans like ADS SPY. I will get on this and report back. Thanks!

 

Sigh. After running the alternate scans, still no luck. I have attached the 'hijack this' log. Thanks in advance for your help!

Nathan

 

'Hijack This' log as attachment.

 

illyiii,
you need to shut down Trillian and firefox and put HiJackThis in its' own folder (like C:\HJT) . Run it again and post another log. Thank you.

 

Done. Thanks for your help!

 

I did the first part of what you asked (that is, deleted out the files in HJT). However, when I rebooted in safe mode, the three things you told me to delete were not there.
[C:\WINDOWS\System32\crsss.exe; C:\Documents and Settings\Peters\Application Data\autp.exe; C:\WINDOWS\System32\??plorer.exe <--- let me know if you see any similar named files in system32 (like explorer.exe).]

In system32, I did not see any files that looked like explorer.com or any variation of the first two letters. So you know, I did enable the ability to view hidden files when I was sifting through those directories. Any idea why I could not find them?

I am attaching my HJT log - I'd appreciate it if you could tell me what else, if anything, i need to delete. Thanks for all your help! It usually takes my network 10 minutes or so to boot me off, so I will wait to see if it happens again -- if so, i will go to another computer and post it.

Nathan

 

no problems so far - i think it worked.

thanks a ton - you are awesome!

nathan