I could see that you had posted elsewhere requesting assistance. It would be great if you stick to one post to ensure that maximum attention is provided to all the users posting.
Posting more threads will only delay any help coming your way as the helper would get bogged down trying to answer all open posts (not to mention the confusion this is going to cause).
Hope this helps
Upon reading the other posts, you had asked the person to create a new thread - so I wasn't sure what to do. Shall I continue with this thread or the other one? Malwarebytes did detect the program System Tools 2011, said it removed it - and yet I rebooted and just logged on to the other user (the infected files) and it's worse than ever - now my entire wallpaper is the "your're (spelled wrong) computer is infected"
mbam-log-2010-12-14 (18-42-51).txt.zip 591 bytes
You may post in this same thread.
I am not surprised by the lack of detection there... even though I love that application, it seems to be detecting files / locations it already knows and is not based on other advanced detection techniques.
Here is what you could do...
Read this document and perform the indicated steps.
Ideally we could start off by running the latest version of Stinger and updating the logs of the same in the next reply.
That Required reading document is a waste. When you go to the section on how to send a virus file to McAfee - the link is dead.
I just finished cleansing this from my computer.
McAfee - useless - third time this year. I'm done with it after more than 15 years, they just don't measure up anymore.
Malwarebytes found the link in the startup file that was bad, but not the actual file. Once I found the file Malwarebytes at least recognized it as a virus - McAfee blithely declares it clean.
The file was located in a hidden folder (hidden directory C:\programdata\pDaLd06309 - which I have to believe is random)
The trick seems to be that the desktop.ini file in the startup -and several other folders off the start menu- had been modified to kick off the file. There wasn't anything in the registry on it. But that might have been because the user was a limited account.
(Attached file has virus)
Message was edited by: dpal on 12/14/10 11:09:36 PM CST
pDaLd06309.zip 302.8 K
Make sure you note my attachment is the virus file. I just changed the .exe to .exe-bad
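A read-only check of the two locations the post above describes, the Startup folders (including their desktop.ini) and hidden folders under ProgramData. This is an added example, not part of the original thread; it assumes PowerShell 4.0 or later and an administrator account.

```powershell
# Added example: read-only triage; nothing is deleted or changed.
# Assumption: PowerShell 4.0 or later (for Get-FileHash).

# 1. Startup folders for all users and for the current user.
$startupDirs = @(
    [Environment]::GetFolderPath('CommonStartup'),
    [Environment]::GetFolderPath('Startup')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

foreach ($dir in $startupDirs) {
    # -Force includes hidden and system items such as desktop.ini.
    Get-ChildItem -LiteralPath $dir -Force |
        Select-Object FullName, Length, LastWriteTime, Attributes |
        Format-Table -AutoSize

    $ini = Join-Path $dir 'desktop.ini'
    if (Test-Path -LiteralPath $ini) {
        "--- $ini ---"
        Get-Content -LiteralPath $ini -Force   # print for manual review
    }
}

# 2. Hidden directories directly under ProgramData that hold executables.
$programData = [Environment]::GetFolderPath('CommonApplicationData')
$findings = Get-ChildItem -LiteralPath $programData -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden } |
    ForEach-Object {
        Get-ChildItem -LiteralPath $_.FullName -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue
    } |
    ForEach-Object {
        [pscustomobject]@{
            Path      = $_.FullName
            Created   = $_.CreationTime
            Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
$findings | Format-List
```

Legitimate software also uses hidden ProgramData folders, so treat the output as a list to review (creation time, signature status, hash lookup) rather than a verdict.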