Not your average adware! Possible Virus.

CTPTX

First off, I'm running XP Professional.

So here's the story: I was bored, so I began looking at my friends' away messages on AIM. One guy had a link to a "blog page" that I clicked on. It opened up this blank website and a black command screen. Instantly after that all these popups started flooding my computer. I ran both Spybot and Ad-Aware and deleted all that came up.

I rebooted my comp and instantly "My Documents" opened out of nowhere and a few popups came up. Then AIM started on its own and supposedly sent IMs to all my buddies and then put up an away message saying "OMFG" followed by the link I had clicked on prior to all of this. I log out of AIM, and then 5 minutes later it opens up again by itself with the away message.

I then restarted in safe mode and ran Spybot, Ad-Aware, Norton's 2004, Run > msconfig, Control Panel > Add/Remove Programs, and then manually deleted all the dangerous files in my Program Files and temp folders.

I reboot and the same stuff happens again.

I then tried running task manager and it won't allow for that to open at all. It flashes open then closes just as fast.

What is going on and what can I do to fix it? I am entirely out of ideas.
 
I can't tell you the names of the processes because I can't even get into task manager.

I also just deleted AIM and reinstalled it and the problem still exists.
 
You could try a download of Freshdiagnose. It has a snapshot viewer. It will show you every process running on your system with much more detail. It shows you every detail down to memory usage, maker of the process running, anything you could ever need to know about the processes that are running on your computer. Plus it has so many other tools for gathering info about your computer that you could ever need.
http://www.freshdevices.com/freshdiag.html
 
Processes:

System
smss
csrss
winlogon
services
lsass
ELIMIEXPLORE
CTsvcCDA

And I just talked to the guy I got it from and he said he clicked the link from another friend's away message.

Note: I can no longer run MSCONFIG either.
Another note: I just fixed the AIM problem in the AIM preferences by not allowing it to open webpages. But I still need help with "My Documents" opening on startup and the use of MSCONFIG and Task Manager.
 
system = normal
smss = normal
csrss = normal
winlogon = normal
lsass = normal (this one is sometimes mistaken for a virus; the normal Windows file starts with a lower-case L, not an i). isass is a virus.

I have no idea what Elimiexplore is, I can't find anything on the internet about it.

CTsvcCda = http://www.anti-spy.info/file/ctsvccda.exe.html

Also, is that all of the processes that show up? If that is it, then something has stopped all of the other needed processes for Windows or turned them off from starting automatically. If you have XP Pro or 2000 Pro, go to your Administrative Tools in the Control Panel. Look for the Services shortcut and open it. Click the Extended tab at the bottom of the window. Now here is a complete list of the Windows processes. I can send you pictures of the necessary processes so you can adjust them to factory settings.
To adjust the processes, highlight one and right-click, select Properties; now you can adjust its startup type and start/end the process.
 
No that's not all the processes. Here's the rest that I forgot because of that damn Away Message popup again.

-svchost.exe X 4
-ccSetMgr
-ccEvtMgr
-spoolsv
-navapsvc (Nortons)
-NPROTECT (Nortons)
-symlcsvc
-MSPMSPSv
-SavScan
-AIM
and
-fdiag
 
Fdiag = Fresh Diagnose = OK to have
Spoolsv = normal
See my new post below for the rest.

If I were you I would look at the "Company Name" of the process in freshdiagnose.
If you recognise any of them as being software that you did not install, I would follow the path in my files to find it and delete it (the path is listed in Freshdiagnose). If it turns out to be software that you installed and you want it, you can always reinstall it.
Any process listed as (company name) "Microsoft" is normal, so leave it. Only suspect anything that is not from Microsoft. Also, some of the processes are on the internet; just do a search. For most of them you will find an explanation. If you can't, I would delete it. Like I said, if it turns out to be something of use, some software you need, you can reinstall it.
 
OK, I've been searching around for you; looks like everything is legit.
ccevtmgr = Symantec event manager = supposedly good.
ccsetmgr = Norton service = good
symlcsvc = Norton services = good
mspmspsv = media player services = supposedly OK
savscan = Norton services = good.
Try looking in Freshdiagnose at the software system/startup/
Look at HKLM\software\microsoft\windows\currentversion\run
These are programs that run at Windows startup. Maybe you can research some of these and delete the ones you don't trust.
Sometimes you can find them on the internet, like I found the ones above,
and sometimes you can get an idea of what they are by searching for them through the files on your hard drive. The path is listed for them in Freshdiagnose.

HKey local machine (HKLM)\software\microsoft\windows\currentversion\run (this is the path in the registry). If you want to get rid of anything, go to this directory in the registry. You can delete anything you wish here. I believe it should be blank. Mine has a few things for my QuickTime player and camera, sound card controller, etc. These are only programs and not system-specific files. Everything here is installed by me with software I installed.
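
The startup check discussed in the posts above, as an added example that is not part of the original thread: it lists every value under the Run and RunOnce keys (the HKCU and RunOnce keys are included here in addition to the HKLM Run key named above) and shows, for each target file, the company name, Authenticode signature status and last-modified time. It assumes PowerShell 2.0 or later is installed, which is an add-on for XP; the function name `Get-ExePath` is hypothetical. The company name is self-declared version metadata that any file can set, so the signature column is the stronger signal.

```powershell
# Added example: read-only inventory of autostart entries under Run/RunOnce.
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExePath([string]$cmd) {
    # Extract the executable from a Run value: a quoted path first,
    # otherwise everything up to the first ".exe", otherwise the first token.
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd.Trim())
    if ($cmd -match '^"([^"]+)"')    { return $Matches[1] }
    if ($cmd -match '^(.+?\.exe)\b') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        if (-not $cmd) { continue }          # skip an empty default value
        $path = Get-ExePath $cmd
        $row = New-Object PSObject -Property @{
            Key = $key; Name = $name; Command = $cmd
            Company = ''; Signature = 'FileNotFound'; Modified = $null
        }
        # Entries without a full path (for example a bare program name) stay
        # marked FileNotFound and need to be located by hand.
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $file = Get-Item -LiteralPath $path -Force
            $row.Company   = $file.VersionInfo.CompanyName
            $row.Signature = (Get-AuthenticodeSignature -FilePath $path).Status
            $row.Modified  = $file.LastWriteTime
        }
        $row
    }
}

# Unsigned, missing and recently modified targets are the ones to research first.
$report | Sort-Object Signature, Key |
    Format-List Key, Name, Command, Company, Signature, Modified
```

The script changes nothing in the registry; export a key with `reg export` before deleting any value from it so the entry can be restored.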
 