Unknown Registry Entry

  1. #11
    Winnipeg (Valued Member)

    Re: Unknown Registry Entry

    Thank you for taking the time to read my HijackThis log.

    The first thing I did when I noticed this entry in HKCU was use System Restore
    to fix the problem. When I ran it, Windows said that the system was successfully restored, but when I checked the registry the entry was still there, so I undid that restore point and tried another. No luck.

    I even tried using Last Known Good Configuration, and that didn't work either.

    Any ideas on what this entry is, and do you think it is malware or spyware?

    If it was your machine, would you delete the entry from the registry?
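The post asks what an unexplained value under HKCU is and whether it is safe to remove. Before deleting anything, it helps to see exactly which key holds the value, what its name is byte for byte (the name the poster pasted is garbled, which is itself a clue), and what data it points at. The PowerShell below is an added example, not code from the thread or from any of the tools the poster lists; it assumes the value lives under one of the common per-user autostart keys listed in it, which is an assumption about where such an entry would usually sit, and it flags any value name containing characters outside printable ASCII.

```powershell
# Added example (not from the forum thread): enumerate common HKCU autostart
# keys, print each value name as Unicode code points, and flag names that
# contain non-printable or non-ASCII characters. The key list is an assumption
# about where an unexplained per-user entry would typically live.
$autostartKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'   # Load / Run values
)

function Test-SuspiciousName {
    param([string]$Name)
    # Anything outside printable ASCII (0x20-0x7E) is worth a closer look;
    # legitimate autostart value names are almost always plain product names.
    return ($Name -match '[^\x20-\x7E]')
}

function Get-AutostartReport {
    foreach ($key in $autostartKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $data = $item.GetValue($name)
            # Hex dump of the name so odd characters survive copy/paste intact.
            $hex  = ($name.ToCharArray() | ForEach-Object { '{0:X4}' -f [int]$_ }) -join ' '
            [pscustomobject]@{
                Key  = $key
                Name = if ($name -eq '') { '(Default)' } else { $name }
                Hex  = $hex
                Data = $data
                Flag = if (Test-SuspiciousName $name) { 'SUSPICIOUS' } else { 'ok' }
            }
        }
    }
}

# Run it: flagged rows show the exact key, the raw name and the command or
# path the value launches, which is what to research (or export with
# 'reg export' as a backup) before deciding whether to delete it.
Get-AutostartReport | Sort-Object Flag -Descending | Format-Table -AutoSize
```

Export the key with `reg export` before removing a value, so a wrong guess can be reversed; the Data column is what identifies the entry, since it names the file that would actually be run.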


  2. #12
    VopThis (Senior Member, Canada)
    Any ideas on what this entry is, and do you think it is malware or spyware?

    If it was your machine, would you delete the entry from the registry?
    There does not appear to be a clear answer here, or a way to really know.

  3. #13
    Winnipeg (Valued Member)
    This entry, ¼ž¹, was added to the registry (HKCU) around the time I received this email.

    Date: Mon, 09 Apr 2007 10:07:59 +0200
    From: categorically <cpune@nutechs.com>
    Subject: Missle Strike: The USA kills more then 20000 Iranian citizens

    This message has been processed by Symantec's AntiVirus Technology.
    Video.exe was infected with the malicious virus Trojan.Packed.13 and has been deleted because the file cannot be cleaned.

    The message comes with an attachment, which I have not opened.

    The anti-virus program I use confirms that this file has been deleted. I don't know why Symantec would even send me this, because I haven't used their anti-virus program in years; the only Symantec programs I use are Norton WinDoctor and CleanSweep once in a while, and I'm slowly phasing them out. I really haven't had any problems with Norton, only the program is a real resource hog.

    No virus found in this incoming message.
    Checked by AVG Free Edition.
    Version: 7.5.446 / Virus Database: 269.0.0/752 - Release Date: 08/04/2007 8:34 PM

    So far I have used HijackThis, CWShredder, Ad-Aware, the Windows Malicious Software Removal Tool, Windows Defender, Process Explorer, Process Monitor and Autoruns, and performed many online scans to find out what this entry is. I don't know why Windows Defender didn't catch this, because if any system changes are detected Windows Defender pops up right away, and before I can continue to use the system I have to either allow or block the change, and I would not let something change the registry unless I knew what it was.

    Only the services I need and Windows uses are enabled; the rest are either automatic, manual or disabled. I don't have or use any P2P software, and File and Printer Sharing is unchecked. I don't open attachments, all security features in OE are enabled, I don't install ActiveX controls, and the system is fully patched and up to date.

    I found this in my travels and think this could be my problem, only how do I delete something that has already been deleted? I might have clicked on the email, but I didn't open the attachment. There are a lot of sites that have information on this exploit; F-Secure says it's a rootkit/email worm.

    http://www.f-secure.com/v-descs/emai...latin_cq.shtml

    http://thehollytree.blogspot.com/200...s-begunus.html

    I sure hope it's not this worm, but the more I read up on this worm the more it seems there might be a chance this sucker is in my system. I guess I'll have to run a rootkit remover program.

    When Windows is asleep and something kicks him out of bed, I run Active Ports and this remote IP keeps popping up: 80.86.106.67, accessing port 80. When I do a Whois lookup it comes back to RIPE.
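The post above ends with a remote address seen in Active Ports but not tied to any program. The useful next step is to map the live connection to its owning process and the executable's path, because a connection to port 80 from an unexpected binary means more than the address alone (a Whois result only says who owns the netblock). The script below is an added example, not part of the thread or of Active Ports; it parses `netstat -ano`, which is present on Windows XP and later, rather than `Get-NetTCPConnection`, which only exists on Windows 8 and later. The address it filters on is the one the poster reported; substitute your own.

```powershell
# Added example (not from the forum thread): map each live TCP connection to
# the PID that owns it, then resolve the PID to a process name and path.
# Parses 'netstat -ano' so it works on old Windows versions too.
$remoteOfInterest = '80.86.106.67'   # address from the thread; replace as needed

function Get-TcpConnectionTable {
    # netstat -ano TCP rows: Proto, Local Address, Foreign Address, State, PID
    netstat -ano | Where-Object { $_ -match '^\s*TCP\s' } | ForEach-Object {
        $fields = ($_ -split '\s+') | Where-Object { $_ -ne '' }
        [pscustomobject]@{
            Local  = $fields[1]
            Remote = $fields[2]
            State  = $fields[3]
            OwnerPid = [int]$fields[4]
        }
    }
}

function Resolve-ConnectionOwner {
    param([string]$RemoteAddress)
    foreach ($c in (Get-TcpConnectionTable | Where-Object { $_.Remote -like ($RemoteAddress + ':*') })) {
        $proc = Get-Process -Id $c.OwnerPid -ErrorAction SilentlyContinue
        # .Path can fail for protected/system processes; record that rather than abort.
        $path = if ($proc) { try { $proc.Path } catch { '<access denied>' } } else { '<exited>' }
        [pscustomobject]@{
            Local   = $c.Local
            Remote  = $c.Remote
            State   = $c.State
            OwnerPid = $c.OwnerPid
            Process = if ($proc) { $proc.ProcessName } else { '?' }
            Path    = $path
        }
    }
}

# Run from an elevated prompt so paths of other users' processes resolve.
Resolve-ConnectionOwner -RemoteAddress $remoteOfInterest | Format-Table -AutoSize
```

Run it while the connection is up (the poster says it appears when the machine wakes), and from an elevated prompt, since unprivileged sessions cannot read the path of processes running as another account. If the owning PID is a system process such as svchost.exe, the next question is which service inside it made the connection; a row pointing at an executable in a user profile or temp directory is the kind of finding that is worth following up.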

  4. #14
    VopThis (Senior Member, Canada)
    This message has been processed by Symantec's AntiVirus Technology.
    Video.exe was infected with the malicious virus Trojan.Packed.13 and has been deleted because the file cannot be cleaned. The message comes with an attachment, which I have not opened.
    You might want to consider trying the PREVX tool. It is a good tool, but it can start to act like a firewall does (many skill-testing questions), which is not good for certain kinds of users:

    http://fileinfo.prevx.com/filesearch...arch=Video.exe

  5. #15
    Winnipeg (Valued Member)
    Many thanks.

    I'll give it a try. If it asks me what 24+15 is, I'll type 2,415.

    Maybe that will shake up this worm.

    I forgot one thing: if I didn't open the attachment, how the heck did it get on my machine? Would just clicking on the email download the worm?

    I'll let you know how I make out.
    Last edited by Winnipeg; 17-04-2007 at 01:05 AM. Reason: inserting question concerning attachment

  6. #16
    VopThis (Senior Member, Canada)
    If I didn't open the attachment, how the heck did it get on my machine? Would just clicking on the email download the worm?
    An email worm can infect without clicking ... merely by opening a rogue email message:

    http://www.google.ca/search?hl=en&q=...rm&btnG=Search
