[pchelpers] virus problem

I got this computer that I'm about ready to give up on.

It came in all messed up and no protection at all.

I used AVG, spybot, ad-aware, Housecall,  CCleaner window defender to 
clean it.
After removing 100s of viruses and spyware (in safemode) I rebooted
and a window came up saying that IE had been completely removed and did 
I want to remove all personal settings.
Tried IEFix and tried to reinstall IE only getting the message that it 
already had a newer version installed.
So I installed IE7 and it seems to be working. Only on the MS update 
site the update scan window
won't come up. It says that there was an error.
I can't turn on the "Windows Firewall" cause the buttons are grayed out. 
So I installed ZoneAlarm.
I have installed SP2 and all the current updates.

The main problem is that I still get one virus alert from avg. It is 
c:\windows\system32\irnrs.exe (Trojan Horse Downloader:generic:UEO)
The heal and move buttons doesn't work on it. A full AVG scan doesn't 
see it. After unhiding all the files I found it with windows explorer
irnrs.exe.temp. I delete it and it comes right back after reboot. I have 
tried to delete it in safemode in the admin account with system restore 
turned off.

Goggle shows only one webpage for this virus. An anti virus program 
called GMS and they want $999 for 25 lic for it.

Spybot keeps blocking a reg change for a file called "rabfsh" with the 
line  rabfsh=c:\windows\system32\irnrs.exe runonce.
Can't find any file called rabfsh

Spybot also shows two reg lines that it can't delete.
H..L..M\system\controlset001\services\cmdservice
H..L..M..\system\current controlset\service\cmdservice

I tried to delete them with regedit but was denied access
Went to Safemode admin account and was still denied access

Tried to use Panda scan but in Safemode I get up to the point where 
ActiveX needs to run
and after clicking on the yellow bar to give it permission the window 
comes back saying
that it could no longer display the webpage that it had to re-send the 
data.

In normal mode clicking on the scan now button doesn't do a thing.

So this is where I'm at now, with a computer that appears to run alright 
but only with a AVG Alert popup every 30 secs.

Pc


-- 
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.

Other related posts: