Help I've Been HAcked !

Hiya,

Last week I was opening an MPeg and I was suddenly Attacked ..

Al sorts of Pop-ups and then My comp froze .. I rebooted and I had TONS of Trojans and Viruses..

I've gone through the Process of reading up on a What I ound at difernt sites and DOwnloding , Installing and Un-Instaling several different Types of Malware\SpyWare removal Software. and have gotten rid of alot of it But I still am having severe bog Down problems , Pop-ups and other symptoms..

The Following is a list and description of my Problem..

If anyone could Help me understand what is happening I would be very greatful.. I Dont understand any of this Code stuff...

THanks*
Ed

--------------------------------------
My System Specs: DELL
Intel Pentium 4 CPU 3.00 Ghz, 512 MB RAM, NVIDIA GeForce FX 5200



Norton Antivirus:
can type: Realtime Protection Scan
Event: Virus Found!
Virus name: Downloader
File: C:\System Volume Information\_restore{2AD92CD6-171A-45FB-9EBC-5535A28846A0}\RP1\A0000002.exe
Location: Quarantine
Computer: USER-EY35M5DWTN
User: SYSTEM
Action taken: Clean failed : Quarantine succeeded : Access denied
Date found: Sat Nov 11 10:21:19 200
--------------------------------------------------------------------------------------------------------
Symptoms:
When computer is turned on a notice that Windows Firewall is Turned Off appears. WHen I check it it says it is turned on...
SAFE MODE : Does Not Work.. Shows up as black screen with Safe mode written around the edges of screen!
Advertising Pop-ups. Lose all screen Icons .. Lose Control bar at bottom of screen .. (Start button Etc..) and so need to restart computer..
Sytem Restore Points didnt work and were lost. I Erased them to try to erase virus ..
Buffer is Being Overrun Warnings when online..
New Guest ** Password Protected ** Account Mysteriously Created on computer Named : ASP.NET Machine A ** ( could this have been made by a legitamate Firewall process?? or is this a backdoor attack ??)) - have not deleted it yet --
-----------------------------------------------------------------------

Edit by bjgarrick: Inline log attached!

 

Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

http://www.majorgeeks.com/images/grenade.gif Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

http://www.majorgeeks.com/images/grenade.gif Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

http://www.majorgeeks.com/images/grenade.gifAfter doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

http://www.majorgeeks.com/images/grenade.gif Downloading, Installing, and Running HijackThis

• Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around..

http://www.majorgeeks.com/images/grenade.gif In your next post, please make sure you attach the following logs and that you have run these scans in the following order:

• CounterSpy - ONLY IF you were not able to run Windows Defender
• Bitdefender - from step 6
• Panda Scan - from step 6
• runkeys.txt - the log from GetRunKey.bat
• newfiles.txt - the log from ShowNew.bat
• HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!