Trojan.adclicker


Polaris573
11-20-2007, 02:13 AM
My motherboard finally got back to me today after I returned it under warranty, but to my surprise I have now magically contracted a trojan. Symantec Corporate Auto-Protect is going completely crazy when I boot normally but, of course, detects nothing when booting in safe-mode. A full scan while in safe-mode returns no results, but as soon as I boot normally it starts perpetually discovering and removing this trojan.
The Instructions from Symantec (http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2002-091214-5754-99&tabid=3) solve nothing. Spybot and adaware detect nothing either. I've attached my HijackThis log. Any thoughts?

http://img.techpowerup.org/071119/trojaninfo.jpg

[I.R.A]_FBi
11-20-2007, 02:26 AM
ad aware 2007 ftw

panchoman
11-20-2007, 02:28 AM
> ad aware 2007 ftw

seconded

+1

spybot search & destroy might be able to get it too.

Solaris17
11-20-2007, 02:29 AM
Boot into safe mode or with a Linux live CD. I've had to do this before: the AV would go nuts, but I'd boot into safe mode, search for the exe, and delete it. I see it's been abbreviated [1]; that means there's an original discover.exe. You'll need to find and delete both, then boot and run a virus scan. It will, or should, be able to delete all the files associated with it now.

ktr
11-20-2007, 02:32 AM
Wow that sucks. Is the infected file in some program's directory? Run msconfig and turn off as much as you can. Try doing an offline scan, by popping your hdd in some other rig, and doing the virus removal from there.

oli_ramsay
11-20-2007, 02:35 AM
Try AVG rootkit remover free edition.

http://www.grisoft.com/doc/download-free-anti-rootkit/us/crp/0

hope it works 4 ya

Polaris573
11-20-2007, 03:53 AM
Thanks for all the advice everyone, but nothing has helped. Registry keys and files that I delete come back every time I boot. Every program detects something, even AVG rootkit, but none of them can do anything permanent about it. Looks like I'll just nuke my hard drives.

hat
11-20-2007, 04:04 AM
Sometimes that needs to be done, Polaris. It sucks. It looks like a nasty one. Write zeros, unplug pc, drain power, unplug ram, leave it that way for 30 mins, clear CMOS, put it all back together. A bit extreme, but sometimes they hide themselves in RAM.

newconroer
11-20-2007, 04:04 AM
Is it possible that this 'trojan' is a "Look2ME" virus?

L2RM might be able to find it, if it's locked in the memory.

panchoman
11-20-2007, 04:05 AM
> Sometimes that needs to be done, Polaris. It sucks. It looks like a nasty one. Write zeros, unplug pc, drain power, unplug ram, leave it that way for 30 mins, clear CMOS, put it all back together. A bit extreme, but sometimes they hide themselves in RAM.

yeah, make sure you write 0's to the whole drive, and completely drain the system of all energy and then clear the cmos and reboot.

IggSter
11-20-2007, 04:14 AM
Try disabling system restore, as in many cases trojans/viruses will be held there as well as on the active partition.

ktr
11-20-2007, 04:19 AM
> Thanks for all the advice everyone, but nothing has helped. Registry keys and files that I delete come back every time I boot. Every program detects something, even AVG rootkit, but none of them can do anything permanent about it. Looks like I'll just nuke my hard drives.

there are times like these where norton ghost ftw...

Namslas90
11-20-2007, 04:58 AM
Sounds like a "ZOLOB" to me, they hide in the RAM and the BIOS. So you gotta scan the HDD first and remove both the program and the registry key, then shut down, remove the RAM and let it discharge, reset the BIOS, and reinstall the RAM to get rid of them.

Last time I got one of these I ended up finding a FREE zolob remover somewhere with Google - I think it was even an MS thing from the Microsoft website.

:toast:

erocker
11-20-2007, 05:05 AM
> Try disabling system restore as in many cases trojans/viruses will be held there as well as on the active partition

^^ That's where I've found some nasty ones on people's drives too! ^^

Polaris573
11-20-2007, 05:29 AM
Yeah, one of the first things I did was disable system restore. Anyway, a format took care of it so I don't have to do anything extreme like write zeros to the drive. Anything of importance is backed up, so these things are just an annoying waste of time.

AsRock
11-20-2007, 06:14 AM
> My motherboard finally got back to me today after I returned it under warranty, but to my surprise I have now magically contracted a trojan. Symantec Corporate Auto-Protect is going completely crazy when I boot normally but, of course, detects nothing when booting in safe-mode. A full scan while in safe-mode returns no results, but as soon as I boot normally it starts perpetually discovering and removing this trojan.
> The Instructions from Symantec (http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2002-091214-5754-99&tabid=3) solve nothing. Spybot and adaware detect nothing either. I've attached my HijackThis log. Any thoughts?
>
> http://img.techpowerup.org/071119/trojaninfo.jpg

> Try disabling system restore as in many cases trojans/viruses will be held there as well as on the active partition

Yes, damn MS lol.


Check Java out, delete all its cache, as I picked up viruses more than once with that damn program.