ClamWin Free Antivirus
Support and Discussion Forums
PenDrive Virus help
zack33


Joined: 31 May 2011
Posts: 0
Hi all,

I have 4 computers in the house; 1 is connected to the internet, the rest are for gaming and business graphics design use.

I have:

Dell Latitude D810 (only one connected to the internet)
Custom Gaming Desktop
Samsung N510 Netbook
Dell XPS M1710 (7950GTX)

all running Win XP

My problem is hard to explain, but I have taken a picture to show you:



https://postimage.org/image/1329ofmqs/



I don't know what those aAA characters are; it's affected all 4 PCs from using my pen drive, and it's also appeared to happen when I use my WD portable USB hard drive. I lent my pendrive to a friend who lives 10 houses down about 5 days ago, and that's when it started.

I used ClamWin on all my portable HDs and PCs (in safe mode), and ZoneAlarm Pro (on my internet PC); it's not doing the trick. I'm limited in what virus/trojan software I can use on my other machines because they are not connected to the internet, and a lot of programs ask for an internet connection.

ClamWin reports this:

Scan Started Sun May 29 21:07:50 2011
-------------------------------------------------------------------------------
WARNING: Can't open file C:\pagefile.sys: Permission denied
WARNING: Can't open file C:\WINDOWS\system32\config\default: Permission denied
WARNING: Can't open file C:\WINDOWS\system32\config\SAM: Permission denied
WARNING: Can't open file C:\WINDOWS\system32\config\SECURITY: Permission denied
WARNING: Can't open file C:\WINDOWS\system32\config\software: Permission denied
WARNING: Can't open file C:\WINDOWS\system32\config\system: Permission denied
C:\WINDOWS\system32\odbcasvc.exe: Removed.
WARNING: Can't open file C:\WINDOWS\Temp\ZLT03e9a.TMP: Permission denied

C:\WINDOWS\system32\odbcasvc.exe: Trojan.Spy-2103 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 968599
Engine version: 0.97
Scanned directories: 3960
Scanned files: 28392
Infected files: 1
Data scanned: 12787.82 MB
Data read: 27590.96 MB (ratio 0.46:1)
Time: 2829.000 sec (47 m 9 s)
--------------------------------------
Completed
--------------------------------------


Can someone please help, and can this trojan/virus eat all my data up?
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Trojan Spys do not normally destroy data. They are primarily password stealers, but today's malware often has a multi-payload.

It sounds like some malware has gotten its hooks into your system if there is a problem with your Windows Explorer right-click menu, and the USB drive you loaned out is probably the source of the infection. If you have a home network with networked shares, the other computers may also be infected.

I suggest you remove the other computers from the network. Turn off System Restore (Control Panel, system, System Properties, system Protection). Run Diskcleaner (Start, All Programs, Accessories, System Tools, DsCleaner)--select to clean everything. Then run Microsoft's Malicious Removal Tool (MRT.exe in the Windows System32 directory) on every computer. Let it remove whatever malware it finds. Then from the internet-connected computer, download Malwarebytes' free antimalware scanner at https://www.malwarebytes.org/ on the web. Also make sure Clamwin is updated. Install Malwarebytes with the default options (update the signatures also). Then do a Quick Scan with Malwarebytes. Do whatever it suggests to remove/quarantine any malware found. Then boot into Windows Safe Mode (F8 upon bootup until you see the Safe Mode screen). Select normal Safe Mode--no networking. Then do a similar Quick Scan in Safe Mode with Malwarebytes followed by your normal ClamWin scan. Then while still in Safe Mode, open the USB drive from C:drive and view the contents. Delete any autorun files you find. Then scan it with Malwarebytes and ClamWin.

If you have found any viruses during this, that is good. You will need to make sure each of your other computers is clean also. I am not sure how you can do that if they are not connected to the internet with an updated antivirus, unless you can run Malwarebytes on them from the internet-connected computer (disconnect it from the internet before starting).

I have seen Malwarebytes find/remove as many as 200+ viruses on a computer, but malware can be tough to remove once it gets on a computer. If this does not work, send me a Private Message.

Regards,
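GuitarBob's step of opening the USB drive in Safe Mode and deleting any autorun file is the point where it helps to know what that file referenced, since the program it names is usually what also needs scanning or deleting, and the shell\<verb> entries it carries are what add items (often with odd text) to the drive's Explorer right-click menu. The Python script below is an added example, not code from the thread or from ClamWin: it parses an autorun.inf tolerantly and reports the programs it would launch and the menu verbs it adds; the sample file is constructed.

```python
import re

# [autorun] keys that make Explorer start a program on insertion or via the
# drive's right-click menu (Windows XP honoured all of them by default).
LAUNCH_KEYS = ("open", "shellexecute")
VERB_COMMAND = re.compile(r"shell\\([^\\]+)\\command")   # shell\<verb>\command=<program>
VERB_LABEL = re.compile(r"shell\\([^\\]+)")              # shell\<verb>=<menu text>


def parse_autorun(text):
    """Tolerant INI parse: (key, value) pairs from every [autorun] section.
    Lines without '=' are skipped; malicious files often pad with junk lines."""
    pairs, in_autorun = [], False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            pairs.append((key.strip().lower(), value.strip()))
    return pairs


def triage_autorun(text):
    """What the file would do on insertion: programs launched, menu verbs added."""
    launches, menu = [], []
    for key, value in parse_autorun(text):
        if key in LAUNCH_KEYS or VERB_COMMAND.fullmatch(key):
            if value.lower() not in (p.lower() for p in launches):
                launches.append(value)   # the same binary is usually listed several times
        elif VERB_LABEL.fullmatch(key):
            menu.append((VERB_LABEL.fullmatch(key).group(1), value))
    return {"launches": launches, "menu": menu}


# Constructed sample in the documented autorun.inf layout, not a file from the thread.
SAMPLE = """\
[autorun]
open=setup.exe
shell\\Auto\\command=setup.exe
shell\\Auto=aAA
shell=Auto
icon=setup.exe,0
"""

if __name__ == "__main__":
    print(triage_autorun(SAMPLE))   # {'launches': ['setup.exe'], 'menu': [('auto', 'aAA')]}
```

Run it against the autorun.inf copied off the drive before deleting the file, then scan or remove every program it lists.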
zack33


Joined: 31 May 2011
Posts: 0
Many thanks for taking the time to list all those procedures.

I first used Diskcleaner.

Then I ran MRT.exe (June 2007 ver); it reported no viruses/trojans.

I then booted into safe mode; I chose my name, but there is also an Admin account to log into.

I first ran Malwarebytes.

Here is the report:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6724

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.11

01/06/2011 16:34:19
mbam-log-2011-06-01 (16-34-19).txt

Scan type: Full scan (C:\|)
Objects scanned: 155211
Time elapsed: 17 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




I then ran ClamWin in safe mode:



Scan Started Wed Jun 01 16:38:55 2011
-------------------------------------------------------------------------------
WARNING: Can't open file C:\pagefile.sys: Permission denied
WARNING: Can't open file C:\WINDOWS\system32\config\default: Permission denied
WARNING: Can't open file C:\WINDOWS\system32\config\SAM: Permission denied
WARNING: Can't open file C:\WINDOWS\system32\config\SECURITY: Permission denied
WARNING: Can't open file C:\WINDOWS\system32\config\software: Permission denied
WARNING: Can't open file C:\WINDOWS\system32\config\system: Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 968611
Engine version: 0.97
Scanned directories: 3968
Scanned files: 26958
Infected files: 0
Data scanned: 12966.77 MB
Data read: 32850.69 MB (ratio 0.39:1)
Time: 8294.610 sec (138 m 14 s)
--------------------------------------
Completed
--------------------------------------



I then formatted my pendrive in safe mode.

At the moment all seems OK; I'm not seeing those characters when I insert my pendrive into my internet-connected D810 (via wired ethernet)..... Surprised really, odd as nothing was found.

I now have 3 more computers and a WD 120GB HD to clean; these are not connected to the internet, and the LAN/Wi-Fi is disabled on purpose in the BIOS. Shall I run the UNUPDATED version of ClamWin on those machines, and is there an offline version of Malwarebytes?
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
For the other computers not attached to the internet, you could update ClamWin via the internet-connected computer and then install ClamWin on them and copy the C:\ProgramData\.clamwin\db files to them. I have been unable to find where the signatures are for Malwarebytes.

Keep Malwarebytes around and run a scan occasionally on the internet computer. They just updated it to a new version yesterday (1.51). Microsoft's Security Essentials is pretty good too.

For future reference, look into using the F-Secure Rescue CD. You can download the program and burn it to a CD as an ISO file and put the signature updates on a USB drive. Then you can run the CD with updated USB signatures on any computer. I keep it around and update a couple of times each week in case some malware I am working on gets away from me. It is available for free at https://www.f-secure.com/en_EMEA-Labs/security-threats/tools/rescue-cd/ on the web. It is a bootable CD with a version of F-Secure for Linux, and Windows viruses can't hide from the AV, as long as they have a signature.

Regards,
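GuitarBob's suggestion of copying the signature files from the internet-connected machine into the db folder of each offline ClamWin install invites one check: that the copy landed and is newer than what was there, since the "Known viruses" figure in the scan log is all ClamWin itself shows. Added example, not ClamWin's or ClamAV's own code: every ClamAV .cvd/.cld signature file begins with a 512-byte ASCII header carrying the build date, version number and signature count, and the script below reads that header and reports which databases on the offline copy lag the online one. The sample headers are constructed; the md5/dsig fields are dummies.

```python
import os
from datetime import datetime

HEADER_LEN = 512  # every ClamAV .cvd/.cld file begins with a 512-byte ASCII header


def parse_cvd_header(raw):
    """Parse the header of a ClamAV signature file (main.cvd, daily.cld, ...).

    Layout, colon separated and space padded to 512 bytes:
    ClamAV-VDB:<build time>:<version>:<signatures>:<flevel>:<md5>:<dsig>:<builder>:<stime>
    """
    header = raw[:HEADER_LEN].decode("ascii", errors="replace").rstrip()
    if not header.startswith("ClamAV-VDB:"):
        raise ValueError("not a ClamAV signature database")
    fields = header.split(":")
    if len(fields) < 8:
        raise ValueError("truncated header")
    return {
        "built": datetime.strptime(fields[1], "%d %b %Y %H-%M %z"),
        "version": int(fields[2]),
        "sigs": int(fields[3]),
        "flevel": int(fields[4]),   # engine functionality level the DB needs
        "builder": fields[7],
    }


def read_db_dir(path):
    """{filename: header dict} for every .cvd/.cld in a ClamWin db folder."""
    result = {}
    for name in sorted(os.listdir(path)):
        if name.lower().endswith((".cvd", ".cld")):
            with open(os.path.join(path, name), "rb") as fh:
                result[name] = parse_cvd_header(fh.read(HEADER_LEN))
    return result


def stale_databases(offline, online):
    """Names of databases missing from, or older on, the offline copy."""
    return [n for n, h in online.items()
            if n not in offline or offline[n]["version"] < h["version"]]


def make_sample_header(build, version, sigs, flevel=63):
    """Constructed header for testing; real files come from ClamAV's sigtool."""
    body = f"ClamAV-VDB:{build}:{version}:{sigs}:{flevel}:{'0' * 32}:none:constructed:0"
    return body.ljust(HEADER_LEN).encode("ascii")


if __name__ == "__main__":
    online = {"daily.cvd": parse_cvd_header(make_sample_header("01 Jun 2011 10-15 +0000", 13200, 68611))}
    offline = {"daily.cvd": parse_cvd_header(make_sample_header("20 May 2011 09-00 +0000", 13150, 60000))}
    print("stale on offline machine:", stale_databases(offline, online))   # ['daily.cvd']
```

On a real machine call read_db_dir on the db folder of each copy and pass the two results to stale_databases; the sum of the "sigs" fields is the figure to compare with "Known viruses" in the ClamWin log.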