W98 SE. Updates were done about 8/20. AVG Pro anti virus. Zone Alarm Free. Spybot was ran about 8/20. IE 6.

Have a desktop full of shortcuts linking to the porn sites. Any IE window will try to redirect to secure911.com. Trying to open any program will redirect secure911.
Trying to open an exe file will redirect. I can get into a Safe Mode and a C:\ prompt.

All of the below was done Whill in Safe Mode.
HJT will not run. No exe file or Program will run all get redirected.
Renamed the HJT exe file and still will not run.
Internet Options IS in the Control Panel but will redirect.
Trying to open the control.ini with notepad will redirect.
A search for *.hta list only winsys.hta. Properties for it dosen't identify it. Moved to Recycle.
Search for *.js finds several. Opening then in notepad gives the redirect. There are maybe about 15 that are dated whe the problem started. Should I delete them?
I deleted all the *.tmp files and Internet Temporary files. What about all the files in C:\Windows|Temporary Internet Files\Content IE5? Dump them?
Any command in the Run box will redirect.

Thanks

Please follow all of Owen's instructions HERE once you have completed that post your log on the Spyware, Adware and Viruses board

Thanks Bear

I wish I could run HJT but *NO* programs or exe files will run. *ALL* get a redirect.

Try following all of Owen's instructions in the link I provided above. If your still not able to run HJT after completing all of his suggestions post back.

Wow, this could be the most effective virus / trojan we've ever seen.

My recommendation is:

Firstly, unplug your modem from the infected PC.
On a different PC, format a floppy disk (if it is running Windows 98 - if it's not, then just delete all of the files on the disk).
Go to www.merijn.org and get the latest version of HiJackThis. Copy/extract it onto the floppy.
Start your infected PC from a Windows 98 Startup Disk (Emergency Boot Disk) - if you don't already have one of these, obtain one beforehand from www.bootdisk.com or from the Startup Disk option in Add/Remove Programs on a Windows 98 PC that is not infected.
Once you are able to boot the PC (choose the Command Prompt Only option if there is one), then try to run HiJackThis from the second floppy.
If that doesn't work, boot from the Startup Disk into Safe Mode and run HiJackThis from the second floppy.
Create a HiJackThis log file and save it onto the floppy disk.
Go back to another PC and post the contents of the log file here.

We'll do our best to identify the problem entries and advise you how to resolve it. There's a pool of resources on this site and, between us, we have quite a lot of experience in this kind of thing but I can tell you now, it isn't going to be pretty

Well I had some luck. In frustration I right cicked on "My Computer" and I got it to scan with AVG. Found several virus in the Temporary Internet Files\Content IE5. Dumped the whole mess of them. Found some java script folders that were dated the same time my problems started and deleted them also. GOt Spybot S&D, and AdWare running. Got HJT to run and AVG offered to look at it and I just posted it to another fourm I watch so I will not waste your time here. Got a small problem with AVG not updating right but I am guessing it will take a reinstall. AVG seems to have good support!

Some one sent the link that seems to describe mine. http://securityresponse.symantec.com...r.exploit.html

Thanks for your follow up.

OK, thanks for the update Rschus. I'll close this thread for now but, if you need any more help with it, let us know and a moderator can re-open it for you.

--------------------------------------------------------------------

This thread has been Resolved and has been locked to prevent other users hijacking the thread and to help others know which threads have been Resolved and which are still being worked on.

If you started this thread and the problem returns or the case has not been properly Resolved, please send a Private Message to an Administrator or a Moderator of this forum to have the thread opened again. If you have a different problem, please start a new thread.