CastleCops, Internet Crime Fighters

rogue help please

 
Forum: Trend Micro HijackThis Logs
mtbguy (Guest, IP: 68.125.*.*)
PostPosted: Sat Feb 16, 2008 12:17 am    Post subject: rogue help please

My desktop background suddenly changed from a picture to a warning sign stating

WARNING!

YOUR'RE(yes, that's how the sign spelled it) IN DANGER!

YOUR COMPUTER IS INFECTED WITH SPYWARE!

ALL YOU DO WITH YOUR COMPUTER IS FOREVER STORED ON YOUR HARD DISK. WHEN YOU VISIT SITES,SEND EMAILS... ALL OF YOUR ACTIONS ARE LOGGED. AND IT IS IMPOSSIBLE TO REMOVE THEM WITH STANDARD TOOLS. YOUR DATA IS STILL AVAILABLE FOR FORENSICS. AND IN COME CASES YOUR BOSS, YOUR FRIENDS, YOUR WIFE, YOUR CHILDREN.

Every site you, somebody, or even something, like spyware, opened in your browsers, with all images, and all downloaded and maybe later removed movies or mp3 songs- ARE STILL THERE and could broke your life!

SECURE YOURSELF RIGHT NOW!
REMOVE ALL SPYWARE FROM YOUR COMPUTER!



In the lower right hand corner where the clock is on my toolbar, a Windows security notice bubble pops up telling me that I have a spyware infection and I need to install the latest spyware removal program. If I click on the link it takes me to this site where I'm supposed to download this program called SpyBurner. I didn't know what else to do, I've run multiple scans of Spybot S&D, ZoneAlarm, AVG... So I downloaded the SpyBurner program. I later found out that SpyBurner is a high risk rogue anti-virus that can cause lots of problems.

Can someone please help me? I don't know what to do

mrrockford (News Admin, AVPE Host)
Joined: Apr 24, 2004
Posts: 3012
PostPosted: Sat Feb 16, 2008 1:32 am    Post subject:

Howdy,

Sorry that you are having computer problems that seem to point to the presence of malware. The Malware Removal and Prevention procedure was developed by CastleCops Staff to assist folks who are having problems dealing with malware and/or who want to prevent (re)occurrence of malware issues.

Please let us know if this solved your problems. In the event that your problems persist, the procedure explains how to get assistance at CastleCops with the use of HijackThis logs.


_________________
"Anyone who considers protocol unimportant has never dealt with a cat."

L. Long
Oldfrog (Special Response Team)
Joined: Jun 27, 2004
Posts: 8576
Location: Deep in the Heart of Texas
PostPosted: Sat Feb 16, 2008 2:30 am    Post subject:
Spyburner is a relatively new rogue threat so may not have yet made it into the removal databases of many legitimate removers.

My first recommendation would be to download Rogue Remover Free and try it. They usually react quickly to new threats so if it is not detected today it may well be tomorrow.


_________________
MS MVP Security 2006-2008
mtbguy (Guest, IP: 68.125.*.*)
PostPosted: Sat Feb 16, 2008 3:05 am    Post subject:

thanks for your help, I'll try both of these things and let you know how it goes

mtbguy (Guest, IP: 68.125.*.*)
PostPosted: Sat Feb 16, 2008 4:46 am    Post subject:

Well... I downloaded CCleaner and scanned. Then I ran Spybot S&D along with Ad-Aware. Then I ran the antiviral scan with Zone Alarm. Finally I ran AVG Antivirus. For all the programs no infections came up except for CCleaner. I also tried the RogueRemover program and no results came up.
I am still not able to change my desktop and I still have the fake Windows alert sign in the right side of my toolbar. Here is my HijackThis log file, I have no idea what it means...

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\comsysobj.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\shellexcon.exe
C:\WINDOWS\win32st.exe
C:\WINDOWS\winstrse.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.0.103.0\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\hijackthis\HiJackThis_v2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSERIALWORKSTARTER] "C:\WINDOWS\comsysobj.exe"
O4 - HKLM\..\Run: [SMSERIALWORKERSTART] "C:\WINDOWS\shellexcon.exe"
O4 - HKLM\..\Run: [SMSERIALSTARTER] "C:\WINDOWS\win32st.exe"
O4 - HKLM\..\Run: [SMSERIALWORKERSTARTER] "C:\WINDOWS\winstrse.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.0.103.0\GoogleUpdate.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Registration-Studio 8 SE.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Owner\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168992426859
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

mrrockford (News Admin, AVPE Host)
Joined: Apr 24, 2004
Posts: 3012
PostPosted: Sat Feb 16, 2008 7:26 am    Post subject:

Howdy,

Please post the entire log!


_________________
"Anyone who considers protocol unimportant has never dealt with a cat."

L. Long
mtbguy (Cadet)
Joined: Feb 14, 2008
Posts: 1
Location: USA
PostPosted: Sat Feb 16, 2008 8:18 pm    Post subject:

oh, sorry, is this what you wanted?

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:40:24 AM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\comsysobj.exe
C:\WINDOWS\shellexcon.exe
C:\WINDOWS\win32st.exe
C:\WINDOWS\winstrse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\hijackthis\HiJackThis_v2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSERIALWORKSTARTER] "C:\WINDOWS\comsysobj.exe"
O4 - HKLM\..\Run: [SMSERIALWORKERSTART] "C:\WINDOWS\shellexcon.exe"
O4 - HKLM\..\Run: [SMSERIALSTARTER] "C:\WINDOWS\win32st.exe"
O4 - HKLM\..\Run: [SMSERIALWORKERSTARTER] "C:\WINDOWS\winstrse.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Registration-Studio 8 SE.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Owner\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168992426859
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7670 bytes

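The four SMSERIAL* autostart entries that nosirrah singles out further down, the dangling NNServ service and the unnamed BHO with (no file) are all visible in the log above if you know which patterns to look for. The script below is an added example written for this page; it is not a CastleCops or Trend Micro tool. It parses HijackThis O-lines with a regular expression and surfaces four things for manual review: a referenced file that no longer exists, a service whose binary carries no publisher, an executable launched straight out of C:\WINDOWS rather than from system32 or a vendor folder, and any O17 NameServer override. The embedded sample is a subset of the log posted above; the C:\WINDOWS location is assumed to be the default XP install path.

```python
"""Triage helper for HijackThis logs.

Added example for this thread (not a CastleCops or Trend Micro tool): it
parses the O-lines of a HijackThis log and flags the entry types that stood
out in the log posted above.
"""
import re
from pathlib import PureWindowsPath

# Lines copied from the HijackThis log posted above (a subset, not the whole log).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SMSERIALWORKSTARTER] "C:\WINDOWS\comsysobj.exe"
O4 - HKLM\..\Run: [SMSERIALWORKERSTART] "C:\WINDOWS\shellexcon.exe"
O4 - HKLM\..\Run: [SMSERIALSTARTER] "C:\WINDOWS\win32st.exe"
O4 - HKLM\..\Run: [SMSERIALWORKERSTARTER] "C:\WINDOWS\winstrse.exe"
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Section code at the start of each entry ("O4", "O23", ...) and the rest of the line.
_SECTION_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# First Windows path ending in a PE or cab extension inside the entry.
_PATH_RE = re.compile(r'([A-Za-z]:\\[^"\n]*?\.(?:exe|dll|cab))', re.IGNORECASE)

# Assumption: default Windows XP install directory.
WINDIR = PureWindowsPath(r"C:\WINDOWS")


def parse_entry(line):
    """Return (section, body, path) for one O-line, or None for anything else."""
    m = _SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    pm = _PATH_RE.search(body)
    path = PureWindowsPath(pm.group(1)) if pm else None
    return section, body, path


def triage(log_text):
    """Return (section, reason, detail) tuples for entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        section, body, path = parsed
        # Registry or service entry pointing at a file that is gone: leftover
        # from an uninstall or a partial removal; either way it should not stay.
        if "(file missing)" in body or "(no file)" in body:
            findings.append((section, "dangling reference", body))
        # HijackThis could not read a publisher from the service binary.
        if section == "O23" and "Unknown owner" in body:
            findings.append((section, "service without publisher", body))
        # Autostart binary sitting directly in %WINDIR% rather than in a
        # vendor folder or system32; PureWindowsPath compares case-insensitively.
        if section in ("O4", "O23") and path is not None and path.parent == WINDIR:
            findings.append((section, "executable directly in %WINDIR%", str(path)))
        # Any DNS override is worth confirming with the machine's owner.
        if section == "O17":
            findings.append((section, "DNS server override, verify it is intended", body))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:<4} {reason:<42} {detail}")
```

Run it as-is to see the eight findings from the sample, or feed it a saved log with `triage(open("hijackthis.log").read())`. The O17 finding is benign in this log: 208.67.220.220 and 208.67.222.222 are OpenDNS's public resolvers. The check is there because DNS overrides are a common hijack and should always be confirmed against what the owner configured, which a script cannot know.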
Prince_Serendip (Site Moderator)
Joined: Sep 07, 2002
Posts: 17542
PostPosted: Sat Feb 16, 2008 8:24 pm    Post subject:

You need to become a full member of CastleCops in order to make further posts to this HijackThis forum. Membership is free.

No one will help you until you post a full HijackThis log. Open the log in Notepad, click on the Format menu, and uncheck Word Wrap (this prevents choppy entries when it wraps on the board), press Ctrl+A to highlight all, Ctrl+C to copy it, then Ctrl+V to paste it into your next post.


Be sure that your edition of HijackThis is version 2.0.2. We do not accept outdated ones.

Further info and instructions are here: CastleCops Link/t213297-How_to_Be_READY.html


_________________
Microsoft MVP Consumer Security 2006, 2007 & 2008
nosirrah (Security Expert, Special Response Team)
Joined: Apr 19, 2006
Posts: 6301
Location: USA
PostPosted: Sun Feb 17, 2008 2:39 am    Post subject:

Hello everyone.

Research across several forums seems to indicate that the following files are the issue here:

C:\WINDOWS\comsysobj.exe
C:\WINDOWS\shellexcon.exe
C:\WINDOWS\win32st.exe
C:\WINDOWS\winstrse.exe

@mtbguy

If at all possible please copy these 4 files to a new folder, zip it with the password infected and attach the resulting zip to a new thread here:

CastleCops Link/f81-Unknown_Files.html

Make sure to include a link back to this thread or let us know that you have done this.

This will help all antimalware vendors detect these files as it seems that nothing currently does.

Oldfrog (Special Response Team)
Joined: Jun 27, 2004
Posts: 8576
Location: Deep in the Heart of Texas
PostPosted: Sun Feb 17, 2008 5:18 pm    Post subject:

@mtbguy: I can't stress enough the importance of collecting those files to help the entire security community.

Once you have done so, see the Spyburner Removal Instructions and give them a try.


_________________
MS MVP Security 2006-2008
Oldfrog (Special Response Team)
Joined: Jun 27, 2004
Posts: 8576
Location: Deep in the Heart of Texas
PostPosted: Sun Feb 17, 2008 9:07 pm    Post subject:

I have also learned that the definitions for RogueRemover have been updated and that it can now remove this pest. If nothing else, update the defs and try it again.


_________________
MS MVP Security 2006-2008
Wlkingman (Cadet)
Joined: May 15, 2007
Posts: 2
Location: USA
PostPosted: Sun Feb 17, 2008 10:43 pm    Post subject: Just uploaded files here and malwareupload

Just letting you know.

CastleCops Link/p1057857-comsysobj_exe_and_related_files.html#1057857

nosirrah (Security Expert, Special Response Team)
Joined: Apr 19, 2006
Posts: 6301
Location: USA
PostPosted: Mon Feb 18, 2008 1:45 am    Post subject:

Thanks for the samples, I have passed them along and our MIRT handlers will also process them.

We use a service called virustotal.com (you can also use this to check files).

File comsysobj.exe received on 02.18.2008 00:14:44 (CET)

Result: 2/31 (6.46%)

Panda 9.0.0.4 2008.02.17 Adware/SpyBurner
Webwasher-Gateway 6.6.2 2008.02.15 Virus.Win32.FileInfector.gen!90 (suspicious)

File size: 25600 bytes
MD5: 17195c2104aee64b598aa815332bb6a4
SHA1: 803d471f7b2c03f185c74444dd01309e82afe55c
PEiD: BobSoft Mini Delphi -> BoB / BobSoft
===================================================================
File shellexcon.exe received on 02.18.2008 00:14:49 (CET)

Result: 3/31 (9.68%)

AntiVir 7.6.0.67 2008.02.15 HEUR/Malware
Panda 9.0.0.4 2008.02.17 Suspicious file
Webwasher-Gateway 6.6.2 2008.02.15 Heuristic.Malware

File size: 29184 bytes
MD5: 3fe0e32201f34616edb7447e976df470
SHA1: 8bf1aaa5468b8ad3def3feb7c1337509ed98f51b
PEiD: BobSoft Mini Delphi -> BoB / BobSoft
===================================================================
File win32st.exe received on 02.18.2008 00:14:54 (CET)

Result: 2/31 (6.46%)

AntiVir 7.6.0.67 2008.02.15 HEUR/Malware
Webwasher-Gateway 6.6.2 2008.02.15 Heuristic.Malware

File size: 36864 bytes
MD5: 7dfb42300357f7b50ba763497e6c41c7
SHA1: 12da99a05a8dd561b44dce911251f517b0b3b149
PEiD: BobSoft Mini Delphi -> BoB / BobSoft
===================================================================
File winstrse.exe received on 02.18.2008 00:14:59 (CET)

Result: 2/32 (6.25%)

Panda 9.0.0.4 2008.02.17 Suspicious file
Webwasher-Gateway 6.6.2 2008.02.15 Virus.Win32.FileInfector.gen!90 (suspicious)

File size: 26112 bytes
MD5: ed5db9136e502a87bdc20f36c787a977
SHA1: 69b01b929201a5d62adcfccf97d8e385590549cb
PEiD: BobSoft Mini Delphi -> BoB / BobSoft

These are very poor results indeed.

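The MD5 and SHA1 values in the post above are usable indicators on their own, independent of which scanners happened to flag the files. The script below is an added example for this page, not part of the thread or of VirusTotal. It streams files through both digests, matches them against the four published pairs, and keeps a hash match separate from a file that merely shares a name: rogue installers of this kind were repacked often, so a same-name file with a different hash is more likely a newer build that should itself be submitted than a clean file. The hash values are the ones quoted above; the demo() function writes constructed placeholder files to a temporary directory, and because those bytes are not the real samples they can only match by name.

```python
"""Match files against the MD5/SHA1 indicators published above.

Added example for this thread, not part of the page or of VirusTotal. The
hash values are the ones quoted from VirusTotal in the post above; the
directory layout and the placeholder files in demo() are constructed.
"""
import hashlib
import tempfile
from pathlib import Path

# (md5, sha1) pairs copied from the VirusTotal results quoted above.
KNOWN_BAD = {
    "comsysobj.exe": ("17195c2104aee64b598aa815332bb6a4",
                      "803d471f7b2c03f185c74444dd01309e82afe55c"),
    "shellexcon.exe": ("3fe0e32201f34616edb7447e976df470",
                       "8bf1aaa5468b8ad3def3feb7c1337509ed98f51b"),
    "win32st.exe": ("7dfb42300357f7b50ba763497e6c41c7",
                    "12da99a05a8dd561b44dce911251f517b0b3b149"),
    "winstrse.exe": ("ed5db9136e502a87bdc20f36c787a977",
                     "69b01b929201a5d62adcfccf97d8e385590549cb"),
}
BAD_MD5 = {md5 for md5, _ in KNOWN_BAD.values()}
BAD_SHA1 = {sha1 for _, sha1 in KNOWN_BAD.values()}


def hash_bytes(data):
    """MD5 and SHA1 hex digests of an in-memory blob."""
    return hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()


def hash_file(path, chunk=1 << 16):
    """Stream a file through both digests so large binaries are not read whole."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha1.update(block)
    return md5.hexdigest(), sha1.hexdigest()


def classify(name, md5, sha1):
    """A hash match beats everything; a bare name match means a different build
    (or an unrelated file that happens to share the name), so it is reported
    separately rather than treated as clean."""
    if md5 in BAD_MD5 or sha1 in BAD_SHA1:
        return "match"
    if name.lower() in KNOWN_BAD:
        return "same name, different hash"
    return "clean"


def scan(paths):
    """Map file name -> (md5, sha1, verdict) for every regular file given."""
    report = {}
    for p in map(Path, paths):
        if p.is_file():
            md5, sha1 = hash_file(p)
            report[p.name] = (md5, sha1, classify(p.name, md5, sha1))
    return report


def demo():
    """Scan a throwaway directory of constructed placeholder files.

    The placeholder bytes are not the real samples, so comsysobj.exe can only
    match by name here; on a real machine pass the Windows directory's
    iterdir() to scan() instead.
    """
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "comsysobj.exe").write_bytes(b"placeholder, not the real sample")
        (d / "readme.txt").write_bytes(b"benign text file")
        return scan(d.iterdir())


if __name__ == "__main__":
    for name, (md5, sha1, verdict) in sorted(demo().items()):
        print(f"{verdict:<26} {md5} {name}")
```

A hash match is conclusive for that exact build only; the "same name, different hash" verdict is the one that tells you a sample is worth zipping up and submitting as nosirrah asked above, because it is exactly the case where a vendor's existing signature will not fire.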