I don't know what else to do. I just installed the net on my computer today (Verizon DSL) and since then I have had four files show up in my Local Disk. All apps.

One is GMx, another labeled Test, another named Mommaf***, and a fourth named sd3hesa.

When all four get together in the file, every five minutes it redirects my browser to a site http://67.15.70.15/~black/f***porn.html, which is blank. I can't get rid of it. There are two programs in my Program File section that I can't get rid of permanently either, one is Internet Optimizer, the other is AdTools Services. I can't get rid of any of this and I think that if I could get rid of those two, it'd solve the problem. Can anyone help?

Trend mirco online virus scan
http://housecall.trendmicro.com/

Lavasoft adware
http://www.lavasoftusa.com/
download directly
http://www.download.com/3000-2144-10...age&tag=button

That should help you some.

Quote: Originally Posted by corruptjoker Trend mirco online virus scan http://housecall.trendmicro.com/ Lavasoft adware http://www.lavasoftusa.com/ download directly http://www.download.com/3000-2144-10...age&tag=button That should help you some.

WIll the lavasoft let me delete without paying?

It's free. Both are. You may have to run adaware in safe mode to remove the suckers though.

I have found avast to be an awesome AV scanner. Not a single incident since I started using it a while back.

www.avast.com

It's free, sleek, and you can make it update automatically.

don't forget about spybot search and destroy and spywareblaster. both programs are free and can be downloaded from download.com. just make sure to do the updates for both often.

Grr...

the programs helped but something keeps reinstalling the adtools files. When they appear, so does the files that hijack my browser. I can't get rid of them permanently...is there any way to do this?

Depending on the variant it is, you will likely have to dig in the registry or even go into DOS mode to delete these nasties. In DOS, (if you know it well) you will likely have to use switches to make some files visible before deleting them. I'll try to find what the switches are but more likely there are registry keys that are causing these to reload.

Edit: GMx.exe, momma.exe, and test.exe are al from the same Trojan but I couldn't find any infor on the 4th file you mentioned. First thing I would do is go to Start > Run and type msconfig. Go to the start tab and uncheck anything you do not want to start automatically when your computer starts (because you will have to restart after making changes).
Once your computer restarts do a search for all of those files and delete every instance of them (and possibly the folders they are in too, but not sure without more info.
Then you will have to go into the registry to get rid of the rest. If you are not familiar with registry editing, you may want to get some help in person of someone that is before continuing.............ok, now search the registry for those same files and delete keys that have those EXACT names in them. Be careful though, there could be similarly named things in your registry that if you delete, Windows will not run properly or at all.
After all this, don't forget to go in and change your homepage back to whatever you want it set to.
If you are using Internet Exploder, now might be a good time to make the switch to Firefox or Opera.

http://www.microsoft.com/athome/secu...e/default.mspx
enjoy

Honestly you should try the Microsoft AntiSpyware tool. I have used it in the last couple days on a few machines and it has found and removed stuff that have troubled both Adaware and Spybot.

http://www.microsoft.com/athome/secu...e/default.mspx

EDIT: What are the odds I would post the same minute Fuel would??/

Bump for added info to my last post.

The program says that it cannot find msconfig or one of its components. I'm running windows 2000, if it makes a difference.

How do I get into the registry?

Ahh, Win2K doesn't have msconfig like XP does, but there is a way to get the desired effect, I just don't recall sice I haven't used 2K in a while.
For the registry though (again be VERY careful deleting anything in the registry as it may cause you to have to reinstall windows), Start > Run and type regedit (I believe Win2K still uses this name).

It's a bit early to tell, but it looks like I found the viruses that were causing the problems and they're deleted. A couple of Trojans, like you thought.

My computer is operating normally, and has been for well past the time those programs reinstalled. I won't be sure until I restart a couple times, but thanks for the help everyone!

Quote: Originally Posted by Calypso It's a bit early to tell, but it looks like I found the viruses that were causing the problems and they're deleted. A couple of Trojans, like you thought. My computer is operating normally, and has been for well past the time those programs reinstalled. I won't be sure until I restart a couple times, but thanks for the help everyone!

Hi there,
I have exactly the same trojan. Did you get rid of it and how did you do it?

Pls let me know.

gr
D.

A little late actually but GF did you know what you can actually copy the msconfig executable to a windows 2k machine and use it - fully functions. I carry such on my thumb drive just for such occasions. Just a bit of info everyone might want to file away.