Spyware? Virus?

When I booted up today I got the "Windows Explorer has encountered a problem and needs to close." Window. When I click OK or Send it doesn't close Explorer but an other "Windows Explorer has encountered.." Window popsup. It happens ad infinitum. I can shove the window off to the side and seem to be able to do everything ok in windows but I can't get rid of that window. Not without an other one popping up.

When I go into windows task manager I see a 6 or 7 digit alpha .exe program running. A search of my Hard drive shows no such program exists. I can close that program within task manager but within 10 seconds an other exe with different digits shows up in Task Manager. Here are a few examples:

uxxzdef.exe
tmeofu.exe
fdhczi.exe
gdhsey.exe
amvxysr.exe


Obviously something is creating random six or seven digit alpha names.

Ran Spybot and nothing.

Any ideas?

Thanks

Rudeboy

 

Please follow the steps below:

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above you still have a problem:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

You may want to take a look at this (if you're curious like I am) for an overview of the WORM_WALLON.A you have on your system....removal instuctions indicate their online scan will remove it which is one of the tools you will need to use in the READ ME FIRST linked in the above post.

 

That is a good link I do recomend after you run those to still post HJT log to have some 1 look it over to make sure nothing is hiding that could come back

But do run the READ ME FIRST and do all those

gl hf

 

Thanks very much. Sorry for not going through the stickey's before my initial posting.

I have now done all the steps in README FIRST. Except:

1. I did not do the scans in Safe Mode. I booted into Safe Mode but couldn't get my Mouse to work. I tried to do it with keyboard functions but it didn't work so I did the scans in normal Mode (WinXP Home).

2. The Symantec online scan didn't work. I tried a number of times over a couple of days. I get the Symantec Security Check page hit the <<Go>> button a new window pops up but nothing happens. I've waited for over an hour once and nothing.

During the scans I got back hits. Mostly for PE Parite.A; Pate.b and Sdbot.worm.gen.

The issue with the error message for Explorer has been solved.

I still have two issues.

1. There is still the random alpha 6 or 7 digit exe running that I see in Task Manager. That when I close it an other different random exe opens up.

2. I get pop ups from Auroa.

I ran HJT as instructed and attach the log file.

Thanks

Rudeboy


PS Again I'd like to thank you for your help and everyone at this site. I realize that you are helping people out of the goodness of your heart and it takes time and resources, however I was a bit preturbed that when I ran HSRemove IT hijacked my Homepage.
A quick fix still kinda ironic and annoying.