IE Home Page set to http://flex.host-care.com/suspended.page/
Join Date: Jun 2008
Posts: 53
Reputation:
Solved Threads: 0
Hi
My IE homepage is set to the above mentioned page and resetting it to blank doesn't work. If you think there might be some danger in visiting this page, here are the contents (top 4 lines):
This Account Has Been Suspended
Why? There could be a few reasons why your account is suspended, the most common are...
Account Unpaid?
Unpaid accounts are suspended 10 days after the due date
however re-activation is INSTANT following payment, like this...
I found something on following website about this problem, but somehow I did not trust this website.
www.securitystronghold.com/gates/darker.html
I felt like the creator of both websites might be the same. And they might try to install something bad by prompting me to download their so-called darker and svchost.exe removal tool. If somebody has tested this and trusts them, then I will download their tool.
Also I feel there is some virus in my computer as I found wscript.exe in my task manager. This is my office computer and I have Symantec anti-virus, but I don't like it. It anyways does a forced scan every morning (over which I have absolutely no control) and does not find any virus.
I also tried ESET online scan but it completed in 0.00 secs, saying no threats have been found. I think my office network doesn't allow this kind of scanning. (As Kaspersky is still trying to get my computer configuration since last 30 minutes).
Any help guys...
(I haven't done everything that is written in the "Read me before posting a request for assistance", but if nobody knows the problem and solution, I will try to do whatever is written there)
Also this problem doesn't seem to cause any difficulties or bad things in my computer.
Last edited by grvs; Jun 15th, 2009 at 2:58 am.
When I was in 10th i thought I knew all the maths, when I came to graduate level, I thought there is something I didn't know about, and when I completed my PhD, i knew that I don't know anything about maths.
life's like math
oh btw... I haven't done PhD
Join Date: Jun 2008
Posts: 53
Reputation:
Solved Threads: 0
I agree jholland, but it's my office computer and I don't seem to have all the rights to perform all these actions. (Also I tried to perform online scans, checked my task manager process lists, which are part of that list) Here I am not saying I have done some of the things in that list, so you should do something for me... that would be ridiculous. I was just wondering if anyone has come across this problem before so that I could take help from their experience.
Last edited by grvs; Jun 17th, 2009 at 2:10 am.
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
grvs, there is a key in registry which will auto-reset your homepage if you change it. An example of pestilence, for sure, when it is set by some company whose product you have bought.
In this case though, it appears that a malware has set it, and that will require removal. You need administrative powers to run those tools. It would be handy if you could at least run hijackthis.
Last edited by gerbil; Jun 17th, 2009 at 7:57 am.
Deep, deep in the woods, but walking about.
Join Date: Jun 2008
Posts: 53
Reputation:
Solved Threads: 0
Thanks gerbil. I got some of the administrative access today, which includes regedit, command prompt, and installation of programs and I am able to download things from some of the websites. (Still no control over the Symantec antivirus installed in my computer)
So I tried to change the home page to blank (and Google also) using regedit, but the virus/worm resets it to http://www.socio.fusionace.com/ (which is different from original but it redirects my IE home page to that page only)
Then I downloaded Hijack this but when I click on Analyze this, it takes me to an error page.
(Answer - Error running Hijack This)
I do have hijackthis.log (changed to .txt to upload) and startuplist.txt whose contents are as attached.
I also tried to empty my windows/temp folder but there are two files which I couldn't remove.
these are
C:\WINDOWS\Temp\QosServ.log
C:\WINDOWS\Temp\hsperfdata_SYSTEM\1612 (no extension)
Seems like I can't even read those files.
Thanks
Last edited by grvs; Jun 17th, 2009 at 11:00 am.
Sorry, but am a bit confused here since you said this
"Then I downloaded Hijack this but when I click on Analyze this, it takes me to an error page."
but then you posted two logs from HiJackThis, so you were obviously able to run the program.
As gerbil said, there is definitely malware on there and there are tools that must be run to remove it. Trying to do it manually may be next to, if not impossible as that can involve trying to track down multiple files in multiple locations on the computer. Leave just one of those files and the infections can rebuild themselves. Plus manual removal done the wrong way can render the computer useless.
You said you can download some programs did you download and run MBA-M? That one is key.
Last edited by jholland1964; Jun 17th, 2009 at 11:40 am.
Join Date: Jun 2008
Posts: 53
Reputation:
Solved Threads: 0
Ok again it seems that Hijackthis works on my computer but network doesn't allow it to send log files directly to Trend micro website. I will try MBA - M tomorrow (at home right now).
Join Date: Sep 2009
Posts: 2
Reputation:
Solved Threads: 0
Delete C:\WINDOWS\system32\FAantivirus.vbs
Edit the key with IceSword, because with regedit it may show an error:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
userinit = C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\FAantivirus.vbs
Delete this string: C:\WINDOWS\system32\FAantivirus.vbs, and check the keys below also:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79304312-9a8b-11de-8e38-00148598e886}\Shell]
@="Open"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79304312-9a8b-11de-8e38-00148598e886}\Shell\Auto]
@="AutoPlay"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79304312-9a8b-11de-8e38-00148598e886}\Shell\Auto\Command]
@="wscript.exe FAantivirus.vbs"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79304312-9a8b-11de-8e38-00148598e886}\Shell\AutoRun]
"Extended"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79304312-9a8b-11de-8e38-00148598e886}\Shell\AutoRun\command]
@="wscript.exe FAantivirus.vbs"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79304312-9a8b-11de-8e38-00148598e886}\Shell\Explore]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79304312-9a8b-11de-8e38-00148598e886}\Shell\Explore\Command]
@="wscript.exe FAantivirus.vbs"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79304312-9a8b-11de-8e38-00148598e886}\Shell\Find]
@="Search..."
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79304312-9a8b-11de-8e38-00148598e886}\Shell\Find\Command]
@="wscript.exe FAantivirus.vbs"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79304312-9a8b-11de-8e38-00148598e886}\Shell\Format...]
@="Format..."
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79304312-9a8b-11de-8e38-00148598e886}\Shell\Format...\Command]
@="wscript.exe FAantivirus.vbs"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79304312-9a8b-11de-8e38-00148598e886}\Shell\open]
@="Open"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79304312-9a8b-11de-8e38-00148598e886}\Shell\open\Command]
@="wscript.exe FAantivirus.vbs" from usedmachineryindia.com
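Added example, not part of any post in this thread: a small triage script that reads a .reg export and flags the two persistence spots named in the post above, extra programs appended to the Winlogon Userinit value and MountPoints2 shell commands that launch a script host. The sample input is constructed from the keys and values quoted in the post; the function names, the rule labels and the expected userinit.exe path are assumptions made for the example.

```python
import re

# Constructed .reg-style sample; keys and values are the ones quoted in the post above,
# plus one harmless entry as a control.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\wscript.exe C:\\WINDOWS\\system32\\FAantivirus.vbs"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79304312-9a8b-11de-8e38-00148598e886}\Shell\AutoRun\command]
@="wscript.exe FAantivirus.vbs"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79304312-9a8b-11de-8e38-00148598e886}\Shell\Find]
@="Search..."
'''

SCRIPT_HOSTS = re.compile(r'\b(wscript|cscript|mshta)(\.exe)?\b', re.I)
EXPECTED_USERINIT = r'c:\windows\system32\userinit.exe'  # assumption: XP-style path as in the thread

def parse_reg(text):
    """Yield (key, value_name, data) for string values in .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and '=' in line:
            name, data = line.split('=', 1)
            if data.startswith('"') and data.endswith('"'):
                # .reg exports double every backslash inside quoted data
                yield key, name.strip('"'), data[1:-1].replace('\\\\', '\\')

def triage(text):
    """Return (rule, key, data) findings for the two persistence spots named in the post."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if k.endswith(r'\winlogon') and name.lower() == 'userinit':
            # Userinit is a comma-separated list; anything besides userinit.exe runs at every logon
            for part in (p.strip() for p in data.split(',')):
                if part and part.lower() != EXPECTED_USERINIT:
                    findings.append(('userinit-extra', key, part))
        elif r'\mountpoints2' in k and k.endswith(r'\command') and SCRIPT_HOSTS.search(data):
            # a drive's shell verb that launches a script host instead of Explorer
            findings.append(('mountpoints2-script', key, data))
    return findings

if __name__ == '__main__':
    for rule, key, data in triage(SAMPLE_REG):
        print(rule, '|', key, '|', data)
```

On a real machine the input would be the text of a registry export of those two keys, re-saved as UTF-8 since regedit writes UTF-16 by default.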
mohitume,
I have no idea what it is that you have posted, an incomplete section of some sort of log obviously. This thread is three months old. You need to begin your OWN thread. State your problems. Give info on your computer, what symptoms you are having and what programs you have run to attempt to correct these problems. Somebody will then help you.
Last edited by jholland1964; Sep 8th, 2009 at 12:03 pm.