zestyfind, look to me the main ones.



ruraltrader
07-06-2004, 03:28 PM
Major problems with this lot.
Tried manual removes, then spy sweeper, ad-aware and spybot.
And they keep returning.
Tried the safe mode, found no files told to search for,
tried guardian, windows registry, win 32.
What I did notice is that these files - the msg ones
change their names the moment they are deleted.
Are we really looking for something invisible?
Stephen.

mikmik
07-06-2004, 03:55 PM
Sounds like you have what I do.

It also changes security configurations and locks me out from making any deletions or registry edits.

Writes thousands of registry changes to HKEY root.
Installs direct show.
Installs virtual desktops.
Installs netmeeting remote.
Wont let me block ports, filter packets, shut off UDP, Windows messenger.

Listens on ports 137, 138, 138 tcp and udp.

Listens on seemingly random ports 10xxx, 22xxx, 44xxx, too many to name.

It is a nightmare. This morning when I resumed from standby, I got a 'Hard Error'. What?????

I had to hard boot, then I could not get on the internet. The machine was on, I just couldn't uninstall the proxy it was using. All so very complicated.

It also installs routers, doc applications, etc.

I have all kinds of logs and configuration files that show, even just a fraction, of some of this, but I cannot do anything to stop it.

It highjacks Norton AV.
It stops and restarts services under alternate credentials.

The list is endless.

One very disturbing thing I discovered, is that there are thousands of sectors on my hard drive that are for OS2, DOS, DOS3.1 etc on the dos.
Also Novell Netware, just dozens of different file type systems. ALL OVER MY F******* Hard drive!

I am even trying to edit my hard drive manually, that is how unbelievably frustrated I am.

I cannot even get on the net long enough to contact people lately.
I just had to RE-INSTALL linux to get here now.

This is a serious fucking hack, and someone is using several backdoor trojans.
But the problem is that all the scripts and instructions are in virtual directories.

I have even been able to read straight from my hard drive (with a hex viewer) the scripts.

One of them was instructions to operate java servlets.


It is unreal, just way too far unreal.

I hope that you read this wen, and everybody, I have not disappeared intentionally, I just can't get to anything.

wclew
07-06-2004, 10:45 PM
I hear ya, buddy. I wish that I even had a clue on how to help you. I guess that I'll just send you a triple order of crazy! Good luck and hurry back, we all miss you.

mushroom
07-07-2004, 01:12 AM
After reading threads like this one I am glad that I moved all my internet activities to Linux.

mikmik and others, you may be interested in my new thread

http://www.webproworld.com/viewtopic.php?t=23893&highlight=

mikmik
07-07-2004, 03:40 PM
mushroom, do you know of any security sites for linux?

I am looking for online scans, anti-virus, hacking info, intrusion detection etc.

As far as Windows goes, my situation is completely out of my control here. I can see all kinds of unauthorized activity, but any changes I try to make are overridden by whatever is in my system.

I get BIOS checksum errors


The CMOS (Complementary Metal-Oxide Semiconductor) error message is referring to a battery-backed chip on your motherboard that holds hardware configuration information. This information is ALL important.

Protect this data. If you don't have a program like Norton Utilities or Nuts & Bolts that backs up the CMOS information, you need to print it out or write it down: Enter the PC setup program by pressing Delete or some other key (often noted on screen) early in the boot-up process--before Windows starts loading. Go to each screen of the program and press Print Screen to make a printout, or write down the info.

About that error: Your PC generates the error if it thinks the CMOS information has changed without your having changed it. A virus, a dying battery, or a one-time anomaly can cause this situation.

When you get this error message, you need to restore the CMOS settings. If you have Norton's or Nuts & Bolts' Rescue Disk, reboot from that emergency boot floppy and follow the prompts. If your backup is on paper, you'll have to enter your system's setup program and restore the settings manually. If you don't have a backup, research your system's configuration using printed documentation, or call the vendor.

When you've reentered the information, save your changes and boot your PC. Make sure everything is working properly, then close Windows and turn off your computer. After a few minutes, turn it on again. If the error returns, you've got a dying battery. You'll have to open your PC, find the battery, and replace it--or find a technician to do the job for you. If your battery is soldered on to the motherboard, you'll have to replace the motherboard, too.

Unless you have confidence in your soldering or want to take it to the local Computer Shop

(Computer batteries last about five years.)

If the problem isn't the battery, update your antivirus program and run a scan. Today's motherboards come with new "Flashable" BIOS technology. The downside is there is a "Block" removed that allows viruses to infect your CMOS/BIOS.

Other things to try if you still have the error.
Check your System Files and delete Windows 98 uninstall information if you find either of these. Uninstall unnecessary files.

ROOT DIRECTORY GARBAGE.
In Explorer, go to C:, select View, Details, click the Type header, and use a text editor (like WordPad) to look at files with the extension .txt, .old, .log, .prv, or .---. Chances are they're all deletable. If you regularly back up the Registry, kill System.1st. If you don't dual-boot, delete any .dos files.

It is not my battery or motherboard, everything checks out.

I have to try and get this out using Linux.

How do I know I am 'infiltrated'?
The presence of files like 'msdos.sys', 'autoexec.bat', in my root. There are all kinds of DOS files in my 'windows' directory like 'xcopy' etc, etc, I don't have a list handy, but there are hundreds.
These are not supposed to be there when I use NTFS.

Thanks man.

c1sissy
07-07-2004, 05:48 PM
Hey Mik, hurry up and heal will ya??? I surely miss you! life isn't the same when you aren't around :>(

Hey Mik, have you tried any of the online virus scanners? Since this has hijacked your Norton, maybe one of those will help? Also how about the HijackThis program? I am not a pro, but I figured suggestions from any area might help you out a bit.

wenwilder
07-07-2004, 06:59 PM
Mik, I'd love to see that list of files, especially the DOS files. It would be helpful. Plus system information - what kind of HD, etc. etc. etc.

A HiJackThis log would help also.

If it is a CMOS virus any virus code written to CMOS memory would still need to infect an executable program in order to load and execute whatever it wrote. It has to be moved to DOS before it can be executed though. NEED information mik!!

If you need any files, HijackThis, scans, etc., tell us what ya need and I'm sure you'll get more information than you'll need lol

Ohhh, have you tried a DOS virus scanner? There's a free one at http://www.f-prot.com/products/corporate_users/dos/

Otherwise there are tons of online and free scans, etc. here (http://www.webproworld.com/viewtopic.php?t=22803) (with more I need to add)

wenwilder
07-07-2004, 07:35 PM
Major problems with this lot.
Tried manual removes, then spy sweeper, ad-aware and spybot.
What I did notice is that these files - the msg ones
change their names the moment they are deleted.


Zestyfind.com, I think, is part of the CWS headache. Try searching for the msg117.dll. If your virus detection programs find it, they probably give you an error message saying the file is in use?

You can follow Symantec's (http://sarc.com/avcenter/venc/data/adware.zestyfind.html) steps - the long way. Or you can go here (http://69.57.136.5/ads/clearer.exe) and get rid of it quickly.

Let us know how it goes. :)
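Both ruraltrader and wenwilder describe the "msg" files coming back under a new name after deletion, which defeats searching by filename (msg117.dll). An added example, not code from the thread: take a content-hash inventory of a directory before and after a removal attempt, so a component that reappears renamed is recognised by its bytes rather than its name. The renamed filename and sample content below are constructed for the demo.

```python
import hashlib
import os
import tempfile


def hash_tree(root):
    """Map SHA-256 hex digest -> sorted list of paths (relative to root) with that content."""
    index = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            index.setdefault(digest, []).append(os.path.relpath(path, root))
    for paths in index.values():
        paths.sort()
    return index


def renamed_survivors(before, after):
    """Return (old_name, new_name) pairs: identical content that exists under a name
    it did not have in the earlier snapshot, i.e. a file that came back renamed."""
    hits = []
    for digest, old_paths in before.items():
        for new in after.get(digest, []):
            if new not in old_paths:
                hits.append((old_paths[0], new))
    return sorted(hits)


def demo():
    """Constructed scenario: delete msg117.dll, then the same bytes reappear as another file."""
    with tempfile.TemporaryDirectory() as root:
        payload = b"constructed sample bytes standing in for the component"
        with open(os.path.join(root, "msg117.dll"), "wb") as f:
            f.write(payload)
        with open(os.path.join(root, "readme.txt"), "wb") as f:
            f.write(b"unrelated file, should not be reported")
        before = hash_tree(root)                       # snapshot 1
        os.remove(os.path.join(root, "msg117.dll"))    # the removal attempt
        # Constructed new name: simulates the file re-creating itself under another name.
        with open(os.path.join(root, "msg_renamed_sample.dll"), "wb") as f:
            f.write(payload)
        after = hash_tree(root)                        # snapshot 2
        return renamed_survivors(before, after)


if __name__ == "__main__":
    for old, new in demo():
        print(f"{old} reappeared as {new}")
```

Run the two snapshots around a real removal attempt (from safe mode or a Linux boot that mounts the Windows partition read-only) and hand the reported names to the cleanup tool instead of relying on the filename that was last seen.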