remove STORM.GEN

I have Norton 360 trial. how can I remove storm.gen from my pc?
Like right now!?

 

Reformat and reinstall.

 

I don't want to do that. what else mods?

 

Try using AVG or another free antivirus. If those don't work you are going to have to reformat.

 

If you don't want to install another antivirus program, you can try ClamWin Portable.

 

Hokay. I do this garbage all the freakin' time (it's my job >_>)
First, get rid of Norton 360.
I suggest turning off System Restore and running CCleaner. THIS IS IMPORTANT, DON'T SKIP THIS. Lots of malware hides in System Restore and temp locations, and these locations need to be cleared if you want your system to be clean.
Then, install, update, and run Trojan Remover
Reboot the computer to let it complete its operations.
Then, boot in safe mode. Run ComboFix. The computer will likely reboot on its own.
Download, install, update, and run http://www.snapfiles.com/download/dlmalwarebytes.html.
Finally, to protect yourself in the future, be sure to install Avria Free Anti-Virus (way better than Norton), SpywareBlaster, and to always practice safe internet browsing habits. Be sure to run an Avira scan on first install as well. You can also turn System Restore back on now.


This process is an extremely lean version of what I do, but should get the job done and grab some more nasties Norton missed. Good luck.

Also you almost never have to reformat a computer because of malware infections, though it is the best way to be 100% sure you are clean.

 

You can always download and install the trial version of Kaspersky AV 2009 and get rid of the trojan/spyware !!

 

Installing avira!

 

Killed 2 types of virus in qurantine. So now what?

 

one of the viruses is called: TR/Crypt.XPACK.Gen
Killed it. What should i do now?

 

Did you follow the process I outlined above?
If yes, are you still having problems?

 

Did everything you said. I'm gonna try to play a movie because when I got the virus it was always distorted.

 

Are you sure that the virus was causing the distortion in the video? Sounds a little odd to me, although it is plausible.
If you're still worried you can run HijackThis! and post a log here and I'll tell you what needs to go, if anything.
Also there are other tools that can be run on your own, such as Spybot Search and Destory, SUPERAntiSpyware, and SmitFraudFix (just google, you'll find them no problem).

 

ComboFix and MalwareBytes Anti-Malware will do the job.

 

Here's the LOG:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:02 PM, on 5/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1190337268353
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1190337238306
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - http://upload.wikimedia.org/wikipedia/commons/d/da/Pajero_sport_tunisia_dunes.jpg

--

 

Not bad, no serious threats there.
I would advise uninstalling all of the toolbars you have installed, toolbars are garbage. Unless you're really attached to them, I see you have:
AT&T Toolbar
Yahoo Toolbar
Encarta Search Bar
Google Toolbar


Also, remove "O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll" unless you have a Netware Client installed (on a Novell network), or are using the IPX protocol for anything.

 

It says it can't remove winsock. I don't use IPX or anything.

 

Use this, it's called winsockfix.
I forgot that newer versions of HJT refuse to pull out winsock entries. I dunno if it's because they WON'T or they CAN'T, but whatever.
It's likely not even malicious.

 

After all of this fixing: I used to have firefox 3. when the virus came it always said it was running and needed to be closed but I was never using it.
Uninstalled it and now still nothing.

 

I'm sorry, I don't understand the problem.
Something is saying Firefox is running and needs to be closed?
Firefox is telling you something is running and needs to be closed?

 

Exactly.For a long time this has been happening.

 

That was a "Which of these two, or something else?" question.
What is happening?

 

It says Firefox is open but it is not. So now I cannot uase firefox. i've had it for a long time.

 

What is saying that?
What happens if you re-install firefox, and then tell it to ignore that it's open when installing?
Do you still have a Program Files directory for Firefox? If you open task manager, and click the processes tab, is Firefox listed there?
What happens if you try... whatever you were trying to do when you got this message in safe mode. Have the issue?

 

It isn't in the processes tab at all. It doesn't work in safe mode.