NewPoly 32 virus help

I have followed the instructions from DO NOT POST UNTIL YOU HAVE READ THIS: How to: Spyware, Trojan And Virus Removal

However, the popups and the "about:blank" is not disappearing.

I am getting a little worried.

Can someone offer me some advice

Thanks

 

Again, I apologize, but how to I "unzip" the file?

Thank you

 

I have done what was instructed, however when I tried to unzip the Hijackthis file (to a new folder I created, I get a p[op-up saying that a new virus

(The file cOCUME-1/"my name"-1/LOCALS-1Temp/Temporary Directory...was infected by the W32/Generic.worm!p2p virus and has been deleted...) shows up.

What am I doing wrong?

Thanks

 

I have encountered now more virusus. When I click on windows explorer, a screen comes up that reads:

YOUR PRIVATE INFO IS COLLECTED BY W32 Sinnaka.A@mm

This even covered up my background screen.

I am currently part of another thread regarding hijackthis, but in the meantime, is there anything I can do?

 

The Hijackthis icon, first has a folder with a zipper through it (hijackthis.zip).

When I open it it turns into a box that is all white except for a blue line at the top and is titled hijackthis.exe.

When I click it, nothing happens.

As you can see, I am pretty ignorant here, but I thought I follwed the directions...

 

Thanks for taking care of that.

OK it worked in safe mode!

So here is my HJT log:

 

1). OK, I haven't run about:Buster.

2). I had HJT delete all of the ones you mentioned.

3). I couldn't find hpA8D1.tmp and intell32.exe in the Windows/Sytem32 section

4). I ran Hoster and did what was told

5). I reset the Web settings.

However, it seems a bit worse. The background is flashing now and when I click on Internet Explorer, I get a screen that reads:

Your IP address is ______________. Using this address a remote computer '88.115.69.23' has gained an access to your computer and is collecting the information about the sites you've visited and the files contained in the folder 'My Documents'. Click here to visit website of anti-spyware software.


Your private info is collected by W32.Sinnaka.A@mm
Your IP address: _______________

Your Country: US, United States

They know you're using: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

Operation System: OS Windows

Risk status for futher investigation: VERY HIGH RISK

Time of investigation: Wed Aug 17 9:37:03 PDT 2005

 

Chaslang,

I tried to unzip it with winzip but then read that with XP you don't need it.

I guess my problem still stands with my previous post, but if the problem is the HJT, how do I unzip it?

 

D3m3nt3d and Chaslang,

I meant that I had done the previous things in the previous posts, but now I am worried that I didn't properly unzip the HJT file because of the last post you sent.

I still don't know why I couldn't find the hpA8D1.tmp and intell32.exe in the Windows/Sytem32 section. Or rather, what I possibly did wrong.

Either way, should I resend my HJT log?

 

I hope this looks different.

Thanks

 

I tried, but when I type in "C:\Program Files\HJT" a little box comes up saying that I need a password.

Plus, when you say "hit extract" do you mean click "next"?

 

How about now

 

C:\Program Files\HJT\hijackthis

This is what comes up when I click "extract all" from the extraction wizard.

I then deleted it, typed in C:\Program Files\HJT and clicked "next", and went to "finish".

It then said "successfully extracted" to said folder.

When I try to run Hijackthis in normal mode (whether by double clicking it or right click/open) the little hour glass icon appears for a second
and goes away.... and nothing happens.

 

Build: 9.1.10
Engine version: 4.3.20

DAT version: 4.0.4388

It reads when I click on the McAfee icon viruscan:

"Your virus signatures have expired. Please renew your subscription."

 

It seems whenever I follow these directions:

To extract hijackthis.exe:
- locate the HijackThis.zip file you downloaded and right click on it
- Select Extract All and click Next
- Browse your way to the C:\Program Files\HJT folder created above
- Select the folder and click Next

everything is fine. But then I can go back to the same Extraction Wizard box and after hitting "next" this comes up

C:\Program Files\HJT\hijackthis

not

C:\Program Files\HJT

Is there a difference between the two?