Hi Dave
Go for scans in safe mode and also add Ewido and Ccleaner as Ewido performs
great with Trojans and Ccleaner will clear your temp folders where alot of
malware hides installers, Trojan Nameshifter really doesnt say much about
what the infection is, Its just used by MSAS then passed to Counterspy, The
infection could be Qoologic but its its hard to know as MSAS does call
different infections NameShifter. You could upload the file at Jotti's scan
site to find out what it relates to but you may need to enable hidden files
and folders to find the file depending where its saved into.
When MS Antispy finishes scanning it should show where the infected file is,
Go to Jotti's site
http://virusscan.jotti.org/
In the file to upload area press Browse then follow the path to the exe file :
Then press Submit and copy and paste the results to notepad and save them so
you can post back the results if needed.
Here's how To Enable Hidden Files and Folders if you cannot find the file
Click Start > Open My Computer > Select the Tools menu and click Folder
Options > Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and
folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm > Click OK.
You can set this back later by opening the same page and pressing 'restore
defaults' then pressing apply,
Next Download Ewido and Ccleaner
Download the trial version of Ewido Security Suite here
http://www.ewido.net/en/download/
Install ewido.
During the installation, under "Additional Options" uncheck "Install
background guard" and "Install scan via context menu". Launch ewido, On the
left side of the main screen click update . Click on Start and let it update.
After the update finishes (the status bar at the bottom will display "Update
successful" Exit Ewido.
DO NOT run a scan yet. You will do that later in safe mode.
Download Ccleaner
http://download.ccleaner.com/download124bin.asp
Install Then close
Copy this to noteapd if needed and safe it as you will not be able to access
the internet in safe mode.
Reboot into safe mode - Restart your computer and immediately begin tapping
the F8 key on your keyboard. If done right a Windows Advanced Options menu
will appear. Select the Safe Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.
Once in safe mode run Ewido again.
From the main menu click on 'scanner' then click 'Complete System Scan'
Once its started scanning it will display an alert window when it finds any
infected files, when you see this first alert then choose 'Remove' and check
the box in the
bottom left corner that says 'Perform action on all infections'
When Its finished scanning it will give you some options at the bottom of
the screen, choose 'Save Report' and save it to the desktop incase you need
more help with this.
Run MS Antispy on a full system scan and remove anything found
Finally Run Ccleaner and press "Run Cleaner" to remove temp and unused files
from your system
While still in safe mode reset the Internet Settings : Goto Start Menu then
Control Panel then to Internet Options, Click the Programs Tab and press
"Reset Web Settings" and include the homepage then press Yes, Then goto the
General Tab and enter the homepage you want to use into the space provided
and press Apply .
Reboot back to normal mode
Let us know if you have any problems and post the ewido scan log and the
results from Jotti if its still being detected.
Andy
