[Dave Hybrid]

This needs specialist help so evilfantasy, over here mate!

My dad has got a MSN virus that send 100's of emails from his PC a second, can see the avast scanner picking them up.

Internet speed is also non existant.

Have tried everything from virus scans to HJT.

A file called kqoka.exe seems the cause.

Let me know where to start mate, thanks.

[evilfantasy]

Try this first.

Download MsnVirRem.exe to your desktop from one of the following mirrors.

• Mirror 1
• Mirror 2
• Mirror 3

• First close any other programs you have running as this will require a reboot
• Double click MsnVirRem.exe to run it
• Once open, click the button labeled Search and Destroy
  • Your computer will now be scanned for Infected Files
• When scanning is finished you will be prompted to reboot only if infected, Click OK
• Now click the REBOOT Button.
• After the Reboot, you WILL receive file not found errors (usually 4) please acknowledge them and continue.
• A Message should popup fromMsnVirRemif not, double click the program again and it will finish

Please Post the contents of C:\msnvirrem.log along with a fresh HijackThis log

----------

Also post a Hijackthis log.

[Dave Hybrid]

Managed to sort this now mate, had to delete the file in the system32 folder as well as deleting the entry's in hijackthis.

Thanks all the same fella.

[evilfantasy]

Dave, it would be good to run the tool as well as SDFix. I have seen this virus found in up to 10 different locations from file folders to system files as well as windows folders. It's a pretty crafty bugger.

Download SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.
• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard).
• Finally add the contents of the Report.txt in your next post.

You don't need to post any logs, I know you are a fair hand at malware removal when you need to be

[Dave Hybrid]

ok mate, will do, thank you!

[philthomas]

Is this the Desktop you flogged to your Dad Dave ? ......
I dunno ..... thought you might at least of cleared all the spyware, before giving it to him

[Dave Hybrid]

Na it's his old one, mine is squeaky clean.