HELP I think I have a virus, but norton says no

[Jmmmmm]

I think i accidentally installed a virus. I clicked on the install program for some program i downloaded yesterday, and it immediately disappeared. I figured I was f-d and immediately turned off my wireless connection, and a minute later i got a message telling me i was trying to connect to the internet.

I ran my norton antivirus corp, which is up to date in definitions, but it did not find any viruses. Now today, I'm getting these popup ads...and they're opening up in internet explorer, even though I'm using firefox (which is the default browser). Ironically, the last two popups were about winvirus pro. I also ran a windows defender spyware scan, which came up empty too.

I'm concerned about leaving my internet connected, I don't want it to be stealing my info or whatever.

What should i do??

here is a picture of what procexp says is running on my computer. I don't think I see anything unusual, although i don't know what every one is. (i was running windows defender at the time...) http://i172.photobucket.com/albums/w29/ ... rocexp.jpg

[GomJabbar]

Run a virus scan from Windows SAFE MODE. Also I would download and install Spybot and also run a Spybot scan from SAFE MODE. Some virus' can cloak themselves in Windows Normal mode, but the cloaking often doesn't work in SAFE mode.

http://www.safer-networking.org/

[rkawakami]

According to this site:

http://answers.yahoo.com/question/index ... 254AAI3TOG

booting into Safe Mode and then running Control Panel/Add-Remove Programs worked. YMMV.

If not, then try Spyware Doctor and Ad-Aware. Sometimes using Windows System Restore can help.

[Kyocera]

System restore is a great troubleshooting tool, always create a restore point first, if you experience odd behaviour after installing any program or device go back to that point.

[carbon_unit]

You can also try an online scanner such as http://www.pandasoftware.com/products/ActiveScan.htm or http://housecall.trendmicro.com/ or http://www.kaspersky.com/virusscanner

[steveg47]

Don't forget to check for rootkits. This utility works very well to detect rootkits: http://www.microsoft.com/technet/sysint ... ealer.mspx
Also, run msconfig and check the startup tab for suspicious entries.

[RealBlackStuff]

acs.exe could be a baddie.
If it is located: c:\windows\acs.exe it is most likely an Atheros wireless utility.
If it is located: c:\program files\acs-style\acs.exe you got a WORM W32.Kelvir.W
see here: http://www.softwaretipsandtricks.com/da ... csexe.html

All the others look OK to me.

[carbon_unit]

If you are really serious about cleaning it up go build this: http://www.ubcd4win.com/
It takes some effort but it is worth it. Booting from a live cd that is known not to be compromised allows for better virus/rootkit detection.
I use this every day fixing computers.

[Jmmmmm]

Thanks for the help everyone.

I ran a virus scan in safe mode, did a rootkit scan, and did a virus scan with activescan (couldn't get kaspersky to work), and they all came up pretty empty. Luckily, i had a system restore point from yesterday, so I restored it to then, and everything seems to be OK right now. I wanted to try to delete it first, but whatever it is, it seems to be gone.

I'd like to try that ultimate boot cd, but I just don't have time to mess with it right now. Hopefully i won't have any more problems with this, though. Thanks again.

[tyanlion]

its probably something from IE or firefox like a plugin or add on. best bet is to do system restore. But i don't think its a trojan or anything like that your procs are all standard.