Browser Opens By Itself--Need Help!

Jay Gladwell wrote on 8/5/2006, 10:10 AM

Somewhere I picked up a malware thingie. It keeps opening my browser to certain web sites (about my computer being infected!).

I've run SpyBot and it found several tracking items and I got rid of those. Then I ran a full computer scan using AVG and it found 35 Trojan horses and removed them.

Problem is, it's still opening my browser and taking me to certain sites.

What do I do at this point to correct this problem?

Thanks!

P.S. I'd love to get my hands on these slimeballs!


Comments

AlanC wrote on 8/5/2006, 10:28 AM
Try this. It can be a bit long-winded but it's worth the effort.

http://www.bleepingcomputer.com/tutorials/tutorial42.html

Alan

GregFlowers wrote on 8/5/2006, 10:30 AM
I've had similar problems before. I found that running a multitude of different antivirus and antispyware software at once may be a good way to go to hit it from all different angles. There are a variety of free programs you can use. Lavasoft Ad-Aware SE, Spybot Search and Destroy, and Microsoft Windows Defender are all free. Ewido makes an excellent antivirus that you can run scans and removal of malware for free, at least during the trial period. If none of that helps, look at this forum to see if your problem has been identified before and solved:

http://forums.techguy.org/54-security/

If not, post your problem and the guys there can probably help you. They sure helped me. Best of luck.

fldave wrote on 8/5/2006, 11:44 AM
If it's what I think it is, you have two options.

1-Unplug from internet. System Restore to several days before it started. Clean browser cache and remove all cookies. Then run updated spybot, adaware, AV.

2-Format C:, reinstall everything.

My wife got a hold of one of these and option 1 "almost" worked, it came back after a few days. Ended up doing option 2. If you get your hands on the slimeballs, give them a few kicks from me!

Former user wrote on 8/5/2006, 11:56 AM
Sounds like you might have been infected by a version of Cool Web Search. Check out the following link to a good removal tool.

CWShredder

Jim

johnmeyer wrote on 8/5/2006, 12:18 PM
After never having had this happen on nine computers (we don't run anti-virus or spyware programs in the background), my son clicked on something two nights ago and we got almost exactly what you describe. I tried anti-virus scanning and adware scans, but they didn't eliminate it. So ... I had to get out the machete and go in there and hack it out with my bare hands. I sort of relish the hand-to-hand combat.

I found out a few things that may help you, and perhaps others. There are some damn clever exploits that I think are relatively new that will cause your browser to pop up from nowhere and start spawning all sorts of other pop ups and downloads.

First thing is to try to use System Restore. In my case, this didn't work, because the infection process screws up the ability to restore, probably because all the CRC checks are invalidated by installations that break the rules that Windows uses to keep track of things. However, if you can restore to a time before the infection, you may be OK, and won't have to do anything further.

If that doesn't work, boot to safe mode (press F8 a few times during bootup, every time something changes on the screen), and choose the first option (no networking). This will let you run with the minimum impact from whatever bad stuff is running on your system. Then, run your spyware removal and anti-virus tools and let them do whatever they can.

Next, look at the root directory of your computer, in the C:\windows\system32 directory, and in the C:\Program Files directory. Sort by date. Hopefully you know approximately when the infection happened. If necessary, right-click on the column headers in Windows Explorer and make sure that both Date Modified and Date Created are shown. In each of these directories, sort by these criteria and look for any EXE, DLL, OCX, JS, or VBS files that were modified or created within an hour of the time of your infection (you will have to go in the recently modified Program Files folders to find these). Often they will have names that are obviously computer generated (gibberish characters and numbers) or at the least will have names that don't seem to relate to much of anything. Delete these to the Recycle Bin (don't empty the Recycle Bin until you're finished, in case you delete something that is actually legit).

Now for the exploit I discovered that none of the virus or spyware products caught.

Right-click anywhere on a blank area of your desktop. This will bring up the Display Properties dialog. Click on the Desktop tab. Then, click on Customize Desktop. Within that dialog, click on the Web tab. This takes you to a dialog that lets you display a web page on your desktop. What the infection did on my computer was to put an infected web page on my desktop, and that web page had been constructed to exactly match all the icons on my desktop! My son noticed that the icons looked ever so slightly different than normal (the text below them was inverted), but otherwise everything looked normal. If you have never used this feature, the only thing you should see is "My Current Home Page" and it should NOT have a check in it. If you see other pages, they are your problem. Click on them and delete them.

Hope this helps!
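
The date-sorted file sweep described in the post above can be scripted so that nothing is missed in nested folders. This is an added example, not part of the original thread; the function names, the sample file names and the infection time are constructed for illustration, and the script only lists candidates for review without deleting anything.

```python
import os
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

# Extensions named in the post: executables, libraries and script files.
SUSPECT_EXTS = {".exe", ".dll", ".ocx", ".js", ".vbs"}

def find_recent_files(roots, infection_time, window=timedelta(hours=1)):
    """Return (path, created, modified) for files with a suspect extension whose
    creation or modification time lies within `window` of `infection_time`."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = Path(dirpath) / name
                if path.suffix.lower() not in SUSPECT_EXTS:
                    continue
                try:
                    st = path.stat()
                except OSError:
                    continue  # locked or vanished file: skip, keep sweeping
                # On Windows st_birthtime (3.12+) or st_ctime is the creation time.
                # On Linux st_ctime is the inode-change time, so it is only a hint.
                created = datetime.fromtimestamp(getattr(st, "st_birthtime", st.st_ctime))
                modified = datetime.fromtimestamp(st.st_mtime)
                if any(abs(t - infection_time) <= window for t in (created, modified)):
                    hits.append((str(path), created, modified))
    return sorted(hits, key=lambda h: h[2])  # oldest modification first

def demo():
    """Build a constructed directory tree and run the sweep over it."""
    infection = datetime(2006, 8, 3, 21, 30)  # assumed time of infection
    samples = {  # constructed names and timestamps, not real indicators
        "system32/kernel32.dll": datetime(2004, 8, 4, 12, 0),
        "system32/qx7zr91k.dll": infection + timedelta(minutes=4),
        "Program Files/Toolbar/update.VBS": infection - timedelta(minutes=50),
        "Program Files/Toolbar/readme.txt": infection + timedelta(minutes=5),
        "late.exe": infection + timedelta(hours=3),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, when in samples.items():
            p = Path(tmp, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"")
            os.utime(p, (when.timestamp(), when.timestamp()))
        return [Path(h[0]).name for h in find_recent_files([tmp], infection)]

if __name__ == "__main__":
    print(demo())
```

On a real machine the roots would be the three locations named in the post, and each hit should be checked before it is moved to the Recycle Bin, since legitimate updates also write files in these folders.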


Jay Gladwell wrote on 8/5/2006, 2:52 PM

Whatever it is, it will not allow me to do a system restore! Reformatting the drive and reloading everything is the last resort, for now.


Logan5 wrote on 8/5/2006, 3:11 PM
My 2 cents – I’ve had all that before.

After these three steps I’ve never had a problem again.
Spend some money.*

1. Turn off system restore – you will keep getting infected – things hide in there.
2. Buy McAfee virus scan.*
3. Buy spyware doctor use it to clean up the other junk – I then uninstalled it.
http://www.pctools.com/spyware-doctor/features/


Ad-Aware & spybot (free) missed a few things that spyware doctor got.
Use firefox to surf
*McAfee will detect new attacks.

jrazz wrote on 8/5/2006, 3:22 PM
I have used "hijack this" with great success on my client's computers before. I have not had this issue in a great long while. On some that I worked on, it would not allow me to even go the "spyware, antivirus, hijack this" pages- it would block them and reroute me. I installed via a disc and ran it in safe mode and got a list of the registry items, did a search to see what was legitimate and removed the rest and before restarting I went into the add/remove program files and removed everything that I or the client did not recognize or that looked like spyware. One was even called XP related update and another was Windows related. They were not under the windows installed components so I knew they were not legitimate. After removal, I rebooted in safe mode and ran antivirus (AVG) as well as Microsoft Antispyware (which is now defender) and Lavasoft Adaware. Then I rebooted regularly and all was well. Sometimes I can't get it all as I can't find it all and sometimes to remove certain things, it makes you go to the webpage it brings up to remove it. On those, I delete all the files that I can in the folder and all the registry keys I could find.
Hope this helps but Hijack This is up there on my list of useful tools- just be careful with it as you can really mess up your computer if you delete the wrong things.

j razz

Jay Gladwell wrote on 8/5/2006, 3:36 PM

Alan, the HijackThis application did it! Thanks a million!

Thanks to all of you who took the time to make suggestions and offer your help! They were, are, and always will be greatly appreciated!!!


Jay Gladwell wrote on 8/5/2006, 6:06 PM

Microsoft Defender found a couple more malwares, but could not remove one called Look2Me. Anyone know how I can get rid of that?


fldave wrote on 8/5/2006, 6:15 PM
That one is ugly. I would use the manual method, not the "Look2Me" uninstaller mentioned here:

http://www.pchell.com/support/look2me.shtml

Here's maybe a better method:

http://atstake.com/avcenter/venc/data/adware.look2me.html

DJPadre wrote on 8/5/2006, 7:36 PM
I'm dealing with this now..

My wife went to Amazon last night, and a pop-up came through (even though we've got the Google toolbar)... turns out it was the first thing to get corrupted...

Okies, well the easiest way is to grab yourself 2 programs...
PrevX1 trial
and
Smitfraudfix

Run the trial of PrevX1 and allow it to run a full scan,
then run Smit.

The PrevX might have trouble, so run Smit in safe mode and follow the prompts.

Go here for detailed info...
http://forums.digitaltrends.com/showthread.php?p=63869#post63869

Steve Mann wrote on 8/6/2006, 1:39 AM
Cookies couldn't do that.

The "damage" inflicted by cookies is vastly overrated.

DJPadre wrote on 8/6/2006, 7:11 AM
n19093, I think the predominant idea is to FLUSH the system of all non-essential entities, cookies included...

Logan5 wrote on 8/6/2006, 12:49 PM
ah Look2Me....you also may have a "backdoor" somewhere open like I did.
I did all the free options first, like you, but still had things lurking

spyware doctor should take care of Look2Me.
To get any "backdoors" that could be open McAfee worked great for me for that.

system restore will save all that crap if you don't turn it off/purge it first.

Get a FREE SCAN that will show if it can fix the problem.
http://www.pctools.com/spyware-doctor/features/

Jay Gladwell wrote on 8/6/2006, 2:43 PM

I wound up using Ewido and it got the Look2Me along with a few others.

Now, after an hour or more online, the modem decides it isn't functioning properly and the system reboots. Only the modem doesn't reload.

I guess I am down to the "last resort" of reformatting the hard drive and re-installing everything... again. This will be the second time in as many weeks!

Talk about a love/hate relationship!


fldave wrote on 8/6/2006, 3:10 PM
Jay,

A lot of these malware programs use Windows Messenger (not MSN Messenger) to pop up windows, browsers, etc. It is under the Services section of Administrative tools. Make sure it is stopped and set to "manual" start. Also, I believe Terminal Services/Remote Desktop won't work with this disabled.

Download installs for Spybot and AdAware, Zone Alarm, and one of the free AV scanners. I use Avast. Download everything before you reformat, and burn to CD. Even better, download the programs on an uninfected PC and burn from there. If you have to reformat, make sure you are unplugged from the internet. Install XP, then the above programs. Then run a full antivirus scan on the hard drive.

Only after the above will it be safe to connect to the internet.

Also, try to never use Internet Explorer. I use Firefox.