Don’t give up that easy :)
I can help you do a manual removal if you like. You won’t have to do much more than click a few buttons.
Download AVZ here: http://www.z-oleg.com/avz4.zip (it's a virus removal utility)
Please save this file to your desktop or "My Documents" folder.
Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.
Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.
You should now see the main window of the AVZ utility.
Please navigate to File->System Analysis, check the option "Attach System Analysis log to ZIP" and start the scan from the same window.
AVZ will then take a few minutes to scan your computer and compile the logfile.
You will be prompted with a window asking you where to save the logfile.
Please save the logfile to your desktop or within the AVZ folder so you can easily retrieve it after scanning has completed.
Once scanning is finished, please upload the logfile to www.rapidshare.com and post a link here. I will look through it and generate a removal script. It would be useful to know what the things that Dr.Web and Kaspersky removed were too :)
Again, my computer would not download this program. The actual message was: "The connection was refused when attempting to contact devbuilds.kaspersky-labs.com"
Previously the Kaspersky pack found, and I removed, these:
deleted: Trojan program Exploit.Java.Gimsh.a File: C:\Documents and Settings\James\Application Data\Sun\Java\Deployment\cache\6.0\62\70a93cfe-4f4000da
deleted: Trojan program Trojan.Win32.KillWin.iy File: C:\Program Files\EasyBits\KidsReady\Setup.exe
deleted: new threat not-a-virus:FraudTool.Win32.SpywareStop.gd File: F:\AntiSpyware BOT\setupxv.exe//AntispywareBot/SpyCleaner.dll
deleted: adware not-a-virus:AdWare.Win32.BiSpy.d File: F:\VCatch Basic\vcsetup.exe//WISE0027.BIN
deleted: adware not-a-virus:AdWare.Win32.IGetNet.a File: F:\VCatch Basic\vcsetup.exe//WISE0029.BIN
deleted: adware not-a-virus:AdWare.Win32.Ucmore.c File: F:\VCatch Basic\vcsetup.exe//WISE0030.BIN/UCMIE.DLL
deleted: adware not-a-virus:AdWare.Win32.Ucmore File: F:\VCatch Basic\vcsetup.exe//WISE0030.BIN/IUCMORE.DLL
but I’m still being denied access to some sites, redirected away from others, and cannot run restore, my (free) AVG, or my recently-installed Avast!
Thanks.
I suspect this is a trojan that has changed your DNS server settings.
The AVZ log has identified a few areas of concern but nothing concrete.
Can you post a ComboFix log as per these instructions please? :)
Please review and follow these instructions carefully.
Download it here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Before saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.
Now, please make sure no other programs are running, close all other windows and pause your antivirus until after the scanning and removal process has taken place.
Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started, please DO NOT click on the ComboFix window or attempt to use your computer, as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.
You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning. Do not worry, this is normal and they will be restored after scanning has completed.
ComboFix will create a logfile and display it after your computer has rebooted. It is usually located at c:\combofix.txt; please upload it somewhere for me to review. Then you can re-enable your antivirus software.
Can you please change your DNS settings as shown in the article below:
https://www.opendns.com/smb/start/device/windows-xp
This will switch from the (probably compromised) entries that the virus has left to reliable DNS servers (which act as a map for your computer when it wants to get to a website; give it dodgy servers and it can’t find where it needs to go).
Reboot after changing the settings and see if you can access Kaspersky.com and other security sites.
The ComboFix log would still be handy :)
It may not be that simple. This machine (a laptop) is one of three, all sharing the same domestic network controlled by one of the other machines. The laptop is the only one affected by this "virus": both the other machines are operating normally, including trouble-free internet access.
I’ll try to get you a ComboFix report, after which I’ll run a ‘solution’ now received from the laptop manufacturer.
Hello Baz
Here is my ComboFix report:
http://rapidshare.com/files/169510402/log.txt
Whatever else it did, it seems to have restored Internet access, including allowing AVG to update and Restore to function again.
I am now about to run Deldisk from HP, which will apparently let me use the recovery disks I made earlier.
I’ll get back to you later.



