[Bubba]

What is against the law is stealing your password and as such, "stealing" your blog. But let me bow out. I didn't notice this was in the virus section.

[Anna257]

I did try to run the scan - several times - but it comes up with the message "Sorry updating is incomplete due to an error. Please try again." Oh.

[evilfantasy]

Some people think that they are insulted just because they read something. They need to grow up. If you don't like it then don't read it. That doesn't give them the right to try and cause you harm, either physical or mental.

What you did was tell your story. They took offense, that's their problem.

I'm tempted to ask you to send me some information about them so I can see just how well they can take being unfairly pushed around.

Reort them to Google for hacking into your account. If they want to play that sort of game then you should do all you can to stop them from doing it to you again when they next disagree with you.

I'm sure that it's no different in the UK then it is in the US. You can't just start taking any matter into your own hands. There are right and wrong ways to deal with something you think is wrong. Hacking into an account is not the right or legal way to do this.

I hope you report him to Google.

[evilfantasy]

Try this please.

Download DrWeb CureIt & save it to your desktop. Scan with DrWeb-CureIt as follows:

• Double-click on drweb-cureit.exe and then click Start
• An information notice will appear, click OK.
• This starts a short scan that will scan the files currently running in memory.
• If you get a prompt to buy the full version just exit out of the window. The scanner will still work without buying the full version
• If or when something is found, click the Yes button when it asks you if you want to cure it.

• Once the short scan has finished, Click Settings > Change Settings
• Under the Scanning tab UNcheck Heuristic analysis and click OK
• Back at the main window, select the Complete scan button and then click the Green Arrow Start Scanning button on the right and the scan will start.
• Click Yes to all if it asks if you want to cure/move any file(s).
• When the scan is done.
• In the Dr.Web CureIt menu on top left, click File and choose Save report list.
• Save the DrWeb.csv report to your Desktop.
• Exit Dr.Web Cureit.
• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

* After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
* Copy and paste that log in the next reply

[Anna257]

Sorry about being really, really slow with this! I got as far as doing the scan. I got a red dialogue box "Proactive Defense". It says this: Rootkit detected. Rootkits try to hide associated malicious programs. Riskware: Hidden object. Running process (PID:1016): C:\Documents and Settings\Ca....\setup.exe
There's a choice to Quarantine, Terminate, Allow or Add to Trusted Zone.
That sounds a bit worrying. What should I do now, please?

[evilfantasy]

Quarantine it please.

I think that is a false positive and putting it in Quarantine will not hurt anything.

[Anna257]

Thank you for your help.

[evilfantasy]

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

[Anna257]

Thank you for the advice above. Can I just check something with you first though? I had a look at the report section on Kapersky a few minutes ago. It said this "Error placing C:\Documents and Settings\................RarSFX0\Setup.exe in quarantine (access denied or object not found)"
I'm a bit confused. Can I safely assume that the "riskware: hidden object" warning therefore was a false alarm? I'm just so nervous about doing this IT stuff to my laptop and making things worse!

[evilfantasy]

I can't really tell anything without seeing logs.