Annoying Trojan + spyware-like popups


mightyboosh
12-07-2006, 11:02 AM
Hey,
I have been getting these popup windows (even when no browsers are on!) saying "Windows at risk", and they direct me to a site to get updates (yes, I know, I shouldn't ever click on them), but I don't know why this is happening. Could someone help me stop this?

Moreover, AVG detects viruses in my Windows/System 32 folder called '.backdoortrojan' or something like that. I have tried to heal them or move them to the vault, but once in two days there is another detection from the same folder, but another file.

I only claim to know the very basics of computers, and nothing beyond that, and I hope someone from this community will try to help.

it_waaznt_me
12-07-2006, 11:50 AM
Please post your HijackThis (http://www.spywareinfo.com/~merijn/downloads.html) logfile for a better assessment of your problem.




[Sigh] I posted that after a _long_ time .. :wonders:

shaunak
12-07-2006, 04:30 PM
How about first trying to install a free antispyware program like Spybot or Lavasoft's Ad-Aware, then running a scan in safe mode or a boot-time scan? Your spyware problem should go. About your virus problem, try deleting the file.

anandk
12-07-2006, 08:10 PM
download, install, update any 2 of the following freeware anti-spywares :
adaware
ewido anti-spy 4.0
windows defender/ms antispy
www.downloads.com

scan ur pc in SAFE MODE with them.
also use 'ccleaner' to clean ur temp folders and other pc junk.
www.ccleaner.com

now as mentioned above, IF this doesnt solve ur problem, THEN post ur hijackthis logfile here or at www.hijackthis.de for scrutiny.

mightyboosh
13-07-2006, 08:37 PM
Thanks for the replies people.

I do use Spybot, and it detects nothing, although I haven't run it in safe mode.
I have the AVG free version. I got another trojan today, and I normally heal it or put it in the vault. Its extension ends with something like backdoorbot.

As for the messages, here's one of the messages I got:
http://i36.photobucket.com/albums/e37/mushroomcloudwarrior/Source%20files/c68eddde.jpg

And another one just popped up. This is getting irritating.

http://i36.photobucket.com/albums/e37/mushroomcloudwarrior/Source%20files/9d0e5bee.jpg

If this helps you track any of these, the trojans are:
http://i36.photobucket.com/albums/e37/mushroomcloudwarrior/9da5a624.jpg

anandk
13-07-2006, 10:08 PM
i hope that u had gone into safe mode AND cleared all ur temp files/folders/junk using ccleaner from www.ccleaner.com or any other such tool.

now disable windows messenger service.
if u wish u can use 'shootthemessenger' from http://www.grc.com/stm/ShootTheMessenger.htm

next try this tool from http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

revert.

ps. also disable System Restore for the moment at least.

mightyboosh
13-07-2006, 10:30 PM
Erm, I have by mistake put a password on my BIOS settings (stupid, I know), but I haven't been able to reset it.

I know there's some BIOS cracker or some program like that available. If you could only direct me to that.

You guys have been more than helpful in this thread. I'm surprised by your swiftness. Thank you.

EDIT:
Anandk, I have done exactly (or at least according to me) what you told me to do in your last post.
I haven't received any trojan threats or messenger service messages, but it's really too early to say. I just want to thank you, man!

Why was I having constant trojan attacks anyway?

tosh_mine
14-07-2006, 07:55 PM
Viruses with backdoor functionality are difficult to remove. Even if they are removed, there is always a threat that they will return. Many times these remain undetected. The safest method of dealing with these is: format. This is the answer you will get when you post your problem on other forums, including HijackThis.

MrAnderson
16-07-2006, 02:18 AM
Use Google to look for Spybot Search and Destroy; it gets rid of any spyware and popups..... Also try AVG

uttoransen
03-08-2006, 10:22 AM
Just install Panda, Panda 2006, trial for one month free. Just install it and run it, and all your problems will be solved.