Virus? Spyware? I need help!

[the_brainaic]

Story: Story removed, suffice to say I accidently clicked yes on something that asked me to run it.

Problem: Something keeps running copies of itself, which then tries to connect to something across the internet and download another program, which I assume is a trojan because I became intrigued and decided that I couldn't come to any harm by accepting to install it, and it might stop the original program from trying to connect every minute or so. I ran a virus/spyware check with Spybot and AVG Free, and I've cleaned everything up that they have come across but I'm still getting this. As I'm behind a proxy, everytime it runs and tries to connect I get a username/password box that pops up, even in the middle of a game or something.
I look in the 'processes' part of the task manager and there are multiple copies of winEDD.tmp.exe running, and multiple copies of winED9.tmp.exe. These are directly related to the popups as a new copy of the exe opens just before a username/password box comes up, and the box dissapears if I close the process. I don't know how to get rid of it, it's really annoying me! Can someone help please?

 

[~Divine~Wind~]

 

[aaazza]

EDIT: Actually first edit (remove) the bit about the LAN and the game, a lot of people on these forums will moan about you posting things like that.

First turn off system restore, then restart, get into safe mode (hit f8 or whatever key as computer boots up).

Once in start looking at msconfig (Start->Run->msconfig then go to startup tab), turn off stuff that is obviously the spyware (if you can identify it - google is your friend).

First delete all your internet cache (use CCleaner or similar).
Next run anti-spyware tools (spybot, ad-aware, windows defender, e-wido).
Also do an alternative virus scan if you can. If you haven't got any virus protection use trendmicro (http://housecall.trendmicro.com) or mcafee stinger.

If this fixes the problem then job done.

If not it's time for extensive googling and hijackthis!

Let us know how you get on.

aaazza

 

[the_brainaic]

Hmm... I tried CCleaner, and it told me where the two exes were sitting, in c:\windows\temp\ - deleted them now. I hope this solves the problem, I'm just gonna have to wait and see I guess!

 

[~Divine~Wind~]

Sorry bout that mate

Have you done a coupla resets to see if it reinstates itself ?

Registry first aid should also remove any questionable registry entries I think.

 

[the_brainaic]

OK... It seems to be randomly coming back. For example, it started again when I ran internet explorer, and then it started today when I started watching a streaming clip. It's making exe files in my c:\windows\temp folder and running them. As soon as I delete them it makes more. It's really irritating! I'm gonna have to have another look to try and get rid of it...

 

[bledd]

http://www.msfn.org/board/index.php?showtopic=65071

follow that!

 

[the_brainaic]

Yay, thanks for everyone who helped. turned out that I had a trojan called clicker.kb, AVG wouldn't get rid of it but NOD32 did. Thanks again people!

 

[ben_j_davis]

If you have a spyware/virus problem you want to get yourself over to http://www.bleepingcomputer.com/forums/forum103.html sign up and they will tell you what to do. On the couple of occasions i had big problems they sorted everything out for me

 

[Chaos]

Stinger is a pretty good trojan finder, free to -

http://vil.nai.com/vil/stinger/