No more ideas-help needed

Dear All,

Last Sunday 10/30/2005 got mu home PC infected with something like "Troj-Krepper-R" on Sophos site and since I'm having problems in bringing the PC under control. Looks quite new since only 2 results when searching on Google with keywords "inet20088 + services.exe".
My OS is WinXP SP1.
I'm using McAfee VirusScan, SpyBot S&D and Ad-Aware.

Initial Symptoms:
- Heavy loaded CPU
- Suspect process running (IEXPLORER.exe and services.exe) and reapearing after killing
- unknown traffic over the internet connection when on (I'm using dial-up connection)
- when shutdown is initiated system can not close some processes that needs manual intervention to be closed (iexplorer, explorer, system tray, power management, etc.)
- new directory found "inet20088" containing 4 files including services.exe

Action taken so far:
- aplied trojan 'Troj-Krepper-R' removal procedure from Sophos
- with system restore set off, in safe mode cleaned PC in several runs of uptodated tools
Spybot S&D
Ad-Aware
SpywareDoctor
Sophos SAV32Cli utility
SpywareDoctos
MicrosoftAntySpyware beta1
till no mor problems exept MRU where foud.
- with system restore set off, in normal mode cleaned PC in several runs of uptodated tools
Spybot S&D
Ad-Aware
SpywareDoctor
Sophos SAV32Cli utility
SpywareDoctos
MicrosoftAntySpyware beta1
till no mor problems exept MRU where foud.

Current status:
- Normal CPU load
- Suspect process still running IEXPLORER.exe and reapearing after killing (I don't know who is starting it)
- Process services.exe is run from normal location
- No more unknown traffic over the internet connection when on
- when shutdown is initiated system still can not close some processes that needs manual intervention to be closed (iexplorer, explorer, system tray, power management, etc.)

I'm apreciating any help from you guys in solving my problems.

Thank You in advance,
RazLin

 

Welcome to MajorGeeks.com, please follow the steps below:

http://www.majorgeeks.com/images/grenade.gif Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

http://www.majorgeeks.com/images/grenade.gif Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

http://www.majorgeeks.com/images/grenade.gifAfter doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

http://www.majorgeeks.com/images/grenade.gif Downloading, Installing, and Running HijackThis

 

Dear bjgarrick,

Thank you for your feedback.

Yesterday, I remade all the steps in "READ & RUN ME FIRST Before Asking for Support" with updated definitions files from 02.Nov.2005.

Was very pleased to have SpySweeper and Ewido discovering and fixing problems in IEsetup.dll and msidle.dll.

Now my PC is running fine and none of the problems described in my first post are occuring.

Thank you for the info found on your side and KEEP UP THE GOOD WORK.

Best Regards,

RazLin

 

Your Welcome!

You should see this article on How to Protect yourself from malware!

Surf Safely!