can't get rid of the virus, hijack included

[ceewi1]

OK, so far so good. Don't worry about Combofix. It is not surprising that the scans are so long, you are dealing with a very dangerous file infection which has likely infected all executable files on your system. Dr. Web has done a good job of removing it, but we need to make sure that nothing remains. This infection spreads across network shares, so if you have a home network it is highly likely that other computers on your network are also infected. These need to be scanned thoroughly.

Lines such as H:\Games\Worms World Party (cracked Version) in your Dr. Web log suggest the presence of cracked programs, which are very often responsible for these sort of infections. I recommend you delete any cracked programs that are present, and avoid downloading them.

I notice that you do not seem to be running antivirus software. This is extremely dangerous in today's digital world. AVG makes an excellent free antivirus client, as do AntiVir or avast!. Now that Dr. Web has been run, I strongly recommend you download and install one of these programs. Allow it to run a full scan and remove anything it finds.

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.

• The program will install and then begin downloading the latest definition files.
• After the files have been downloaded on the left side of the page in the Scan section select My Computer.
• This will start the program and scan your system.
• The scan will take a while, so be patient and let it run.
• Once the scan is complete, click on View scan report
• Now, click on the Save Report as button.
• In the drop down box labelled Files of type change the type to Text file.
• Save the file to your desktop.
• Copy and paste that information in your next post.

Also, your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update:
Updating Java:

• Go to Start > Control Panel double-click on the Software icon > Add or Remove Programs.
• Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
  It should have next icon next to it:
  
  
  Select it and click Remove.
• Then Download and install the newest version from here:
  • 
    http://www.java.com/en/download/manual.jsp

Please post the Kaspersky Online scan results along with an update on how your computer is running.

 

[force123]

My computer is working fine

Here's the kasper log, It found 3, but all are one i guess :

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, January 31, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, January 31, 2009 15:15:50
Records in database: 1732709
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
N:\
O:\
P:\

Scan statistics:
Files scanned: 485263
Threat name: 1
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 04:17:32


File name / Threat name / Threats count
F:\Program Files\FreeProxy\FreeProxy.exe Infected: not-a-virus:Server-Proxy.Win32.FreeProxy.e 1
G:\Incoming\freeproxy.zip Infected: not-a-virus:Server-Proxy.Win32.FreeProxy.e 1
G:\Incoming\setup.exe Infected: not-a-virus:Server-Proxy.Win32.FreeProxy.e 1

The selected area was scanned.

 

[ceewi1]

Great. FreeProxy is not a virus, and if you use the program it is fine to keep those files. Bearing in mind my previous warning about backdoor trojans, your logs now appear to be clean.

Below I have included some ideas on how to prevent future infections.

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please navigate to http://windowsupdate.microsoft.com and download all the Critical Updates for Windows. These will patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Some good free firewalls are ZoneAlarm, Kerio, or Outpost. All of these will provide a far greater level of protection than the firewall built into Windows.
A tutorial on understanding and using firewalls may be found here.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's
Immunize and TeaTimer features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad which provides protections against malicious websites.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure are looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScripts, can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here
Opera is available here: http://www.opera.com/download/

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

 

[force123]

Thanks ceewi1, Thanks for all the time and effort you took for me. I will consider your suggestions. Thanks a lot.

@johnb35
Thanks for all the follow and guide on this topic

 

[johnb35]

@johnb35
Thanks for all the follow and guide on this topic

Your welcome!!!

I would seriuosly think about following his advice. The internet is really not a safe place to be without knowing how to surf the web, especially when you have kids on the computer.