Virus?? [Trojan.desktophijack.B]

Discussion in 'Malware and Virus Removal Archive' started by gerdcurli, 2005/07/10.

Thread Status:
Not open for further replies.
  1. 2005/07/10
    gerdcurli

    gerdcurli Inactive Thread Starter

    Joined:
    2003/01/22
    Messages:
    58
    Likes Received:
    0
    Virus??

    Hi guys, have this problem that I've never heard or seen before. Last week Norton found a virus on my machine (trojan if I can remember, don't know the name of it though). Ever since it removed it my machine has behaved funny.
    I thought I lost all my files but on further inspection I found them in a new folder (I didn't create) in C: Docs 'n' settings/temp.******.000 (asterisks being my name).
    So I copied them and made a new folder on my desktop and pasted them there.
    Now every time I boot my machine it removes them from the desktop and places them elsewhere.
    I tried a system restore to a date well before I got the virus and this also will not work.
    All help would be greatly appreciated.
    G
     
  2. 2005/07/10
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    Manually launch Norton from the Start menu. Norton has a log of its activities; also check the quarantine. Find out the exact virus-trojan name and repost it here. There will likely be a write-up about it at Norton's site w/ description and additional manual cleanup instructions.
     

  4. 2005/07/10
    gerdcurli

    gerdcurli Inactive Thread Starter

    Joined:
    2003/01/22
    Messages:
    58
    Likes Received:
    0
    Quarantine

    Trojan.desktophijack.B seems to be the file, pal.
     
  5. 2005/07/10
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
  6. 2005/07/11
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Download SmitRem.Zip, and unzip it to the Desktop.

    Download the trial version of ewido security suite.
    Install ewido security suite and start the program from the icon on your desktop, then check for and download updates. Close for now.
    Ewido Setup

    Reboot into Safe Mode. Double-click RunThis.Bat in the Smitrem folder on the Desktop.
    Lots of things are going to happen; your desktop will end up blue when it is done.
    Then do the ewido scan. You could do Norton after this; Ewido is a trojan scanner and may find more than Norton.
    You may want to post a HijackThis log after all this.
     
  7. 2005/07/12
    Lucky Kitten

    Lucky Kitten Inactive

    Joined:
    2003/04/12
    Messages:
    77
    Likes Received:
    0
    Wow, I was going to make a similar post about this.

    Was looking at ****, got a thingy that I had spyware. Ran Ad-Aware and I had a load of spyware plus some trojans.

    Only file I haven't been able to remove is this:

    The Trj/Clicker.HP Virus was found in file C:\WINDOWS\system32\msole32.exe

    Found it through pcpitstop.com. When I try to remove it I keep being told it's being used by a program and can't be deleted. I downloaded Symantec Antivirus and it found it with the trojan name already mentioned in this thread. A desktop attacker that keeps trying to get me to download and buy some antivirus gold thingy to remove it.

    markp62, will what you mentioned work for my problem too?
     
  8. 2005/07/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    The smitRem tool has been updated! In many cases, with NT based systems (XP, 2000, 2003), the tool will replace the infected system file wininet.dll if a good copy is found in one of the locations it searches. I would also like to note that an online virus scan with Panda ActiveScan should be done when back in Windows, following the running of the suggested tools in safe mode. ActiveScan can now properly clean the infected wininet if a replacement is not found, although the cleaning won't actually take effect until after rebooting due to the file being in use. Additionally, a HijackThis log should be posted for review upon completion! (really should have had one first ;) ) The tool also creates a log in the root drive, which is usually C:, named smitfiles.txt which should be posted along with the HJT log, ActiveScan log, and the Ewido log. The smitfiles.txt will be deleted and recreated if the tool is run a second time, so we are unable to see what the tool removed on its first pass. If running a second time, please move the first log created before doing so.


    Updated smitRem

    Panda ActiveScan

    One more note. eTrust Antivirus will properly clean the infected wininet.dll also. A free trial can be obtained here.

    The smitRem tool will remove all other known files/folders and correct the registry changes made, which none of the AV or scanners will. ;)
     