Hello OctoberRust,
You are indeed infected.
Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
***************************************************
Download Hoster. Do not run it yet.
-----------------------------------
Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.
-----------------------------------
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries:
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [Windows Update] C:\WINDOWS\scvhost.exe
Click 'Fix Checked' and close HijackThis.
-----------------------------------
Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* Select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.
-----------------------------------
Using My Computer, navigate to and delete the following File:
C:\WINDOWS\scvhost.exe <--Careful--make sure the spelling is exactly as seen here, and in this exact location.
----------------------------------
Run Hoster.exe:
**Note:** Due to the nature of one of the infections present, we will need to reset your Hosts file. You will have to reset any specific modifications you may require.
Click "Make Hosts Writable?" in the upper right corner (If available).
Click Restore Original Hosts and then click OK.
Click the X to exit the program.
----------------------------------
Reboot into Normal Mode.
-----------------------------------
Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:
Perform an online scan with Internet Explorer with Panda ActiveScan
- Click on located at the bottom of the page.
- A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
- Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting

- If it finds any malware, it will offer you a report.
- Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
- Click on
then click 
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan
-----------------------------------
Run a new scan with HijackThis and save the log.
-----------------------------------
Please include the following in your next reply:
Panda results
New HijackThis log
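
An added example, not part of the original post: every entry checked above points at `scvhost.exe`, a name one letter-swap away from the legitimate Windows `svchost.exe`. This sketch scans HijackThis-style autostart lines (F0-F3 and O4) for such near-miss file names; the allow-list, the distance threshold and the two benign sample lines are assumptions.

```python
import re

# Constructed sample: the five entries quoted in the post plus two benign lines.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
F2 - REG:system.ini: Shell=Explorer.exe
"""

# Assumption: a small allow-list of system file names that malware commonly imitates.
KNOWN = {"svchost.exe", "explorer.exe", "lsass.exe", "services.exe", "winlogon.exe"}
# Base name of every .exe token: the match cannot cross "\", whitespace, "=" or "]".
EXE = re.compile(r"[^\\\s=\]]+\.exe", re.I)

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent characters counts as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def flag_lookalikes(log, max_distance=2):
    """Return (entry type, file name, imitated name) for near-miss names in autostart lines."""
    hits = []
    for line in log.splitlines():
        m = re.match(r"(F[0-3]|O4) - ", line)
        if not m:
            continue
        for name in EXE.findall(line):
            low = name.lower()
            if low in KNOWN:
                continue  # exact system name; verifying its folder is a separate check
            hits.extend((m.group(1), low, real) for real in sorted(KNOWN)
                        if osa_distance(low, real) <= max_distance)
    return hits

if __name__ == "__main__":
    for hit in flag_lookalikes(SAMPLE_LOG):
        print(hit)
```

A name that matches the allow-list exactly is skipped here, so a correctly spelled file in the wrong folder needs its own path check.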