to start all over with your machine(s). Format and clean install of the OS, or back to factory settings if you've got a Recovery CD.
Sometimes this is the easy or even the only solution for virus troubles.
Here's a copy of what I sent to Yahoo, for what it's worth...there's a few real employees there right? I don't know if these (Yahoo, Microsoft) 'primary' IDs are the best forum to drop my info or not, but it's definitely one area I saw being mined by my 'parasite'. Certainly does give a hacker beaucoup bank for their buck doesn't it? There's not even any way (after the horse is out of the barn door) how many total accounts of one kind or another were originally spawned from my computer's ID, and the hacker covered his tracks administratively even if this technically were feasible.
I've no experience in the Forum/thread environment, but here goes.... It may have been fixed by now - I can't really tell from a few CNET things I'm seeing... maybe some of the anti spyware cos are just looking for new business... but I'll try to relate a few of my observations....curious to know if anyone has seen some of the same unfathomable horrors I have. I think I first realized that I had a problem around Nov 20th. Of course it could have come earlier. (I noticed the problem on my friend's mini home-network)...She had a Toshiba Satellite A10 laptop Win XP Pro ... I replaced an old PC with a new Studio Dell Vista Home Premium (this and the laptop both IE7 sp3) on an existing home network. I quickly noticed problems in every email program (Aol, Yahoo, Google, Comcast), AOL(IM) Yahoo M, every toolbar (whole lot of toolbar handiwork but I just didn't write it down), add-ins (for toolbars), programs like myspace, youtube, IM, Facebook, etc that you can signup for separately and then put an icon in your toolbar affected), and of course Windows itself (both VISTA Home Premium, and Win XP PRO) SETTINGS. I even think that somehow a service on my cell phone was used based on info taken off the computer. And of course, at this point I have no idea if any financial info on the computers was at risk or just the access time for gaming, chatting, etc. (These seemed to be the types of activities that were being targeted from my perspective). I can only hope...
I'm still dealing with this. My friend's network is totally knocked out and now unhooked and collecting dust at my place, waiting for a tech. Mine is also infected, probably originally via emailing myself...I could tell by my new www.msn.com home page when I got home which I could not change in Explorer (I found the only way to change & keep a new home page with this virus was to download a program in which automatically you had the choice to have that software change your home page as well as not accept further changes from another program)...so I'm trying not to email anyone (a good idea right?) So I'm going to have my guy look at my PCs too. I had McAfee 'disinfect' my friend's several times last week (and they told me they were successful although I could see that they weren't); I also tried at various points Spyware Terminator, XoftspySE and Panda and probably 1 or 2 others either on the laptop and/or the desktop....in vain. (I had brief hopes for Terminator for awhile because it insisted on me evaluating what to do with a particular "cookie" (I deleted it)...and then it immediately rebooted the PC (pretty drastic), and then restarted at the same point...the only time it did that)...
Few more details I promised...Yahoo (program)...made many changes to preferences, changed and SHARED access FROM myself TO ANYONE for all Yahoo programs, created/SHARED aliases. Trueswitch.com ??? It has prevented me from fixing the problems. Google I haven't been into much yet but I can tell it's the same deal, and Google has more functionality.
Panda's initial output - generic.dx trojan 5445xdat.exe.
Identity protection not installed.
Nice to see I'm allowing remote assistance to whoever might want it.
Something I wrote down and now don't understand -maybe you will...
Startup and Recovery Settings
Write Debugging Information
small memory dump
kernel memory dump
complete memory dump
I may have been noting that debugging info had been changed to none by the virus (I changed it back to complete).
boot.ini file /fast detect/noexecute=option
small dump directory
I got a text message on my Verizon phone shortly after a lot of this happened informing me that my online account password had been changed, and that I should call (Verizon) them if it was not correct. When I called I discovered use of my phone and had it 'unregistered'.
I felt like this virus became very aggressive as soon as it became obvious I might be doing things to try to get rid of it. For example...my entire Vista HELP file disappeared, and since I was a Vista newbie that slowed me down a lot. (Desktop = Vista Home Premium, Laptop = Win XP Pro) Then when I would try to change Windows settings or Toolbar settings all of a sudden my font went from medium to largest and it would no longer be possible to reach the part of the screen I had to get to to say <OK> to accept my changes. Or it would return messages "Oops...the server is busy now...try again later" (Yahoo). When all else failed, I just wasn't able to boot the PC anymore. Put me out of my misery I guess.
Wish I were able to remember more details...then again, hope one day I am able to forget. The sophistication of this thing just amazed me....I hope we have some of these hackers on 'our' side....
If you know, please let me know what the damage is, and what the best remedy is.