downloader-AFH

Go here and read the characteristics,symptoms and such and it will tell you how to remove.you will need to get into the registry so do exactly as it says.

to see the winstall.exe you may need to go to in my computer - tools - folder options - view and uncheck Hide protected operating system files.

http://vil.nai.com/vil/content/v_136151.htm

Thanks alot that seems to have done the trick

It had gone away for a while but its back now and it doesnt seem to be going away as none of the files in that link are actually there, but its still keeps coming up.

HELP!!! please

Do it again but this time disable your system restore if you do not know how go here.

http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.aspx

Also run this free online scan:

http://housecall.trendmicro.com/

After you have done that go here and get HiJackTthis.

http://www.merijn.org/files/hijackthis.zip

run it save log file it will put it where ever you put HJT.I make a folder in my root directory called HiJackThis and put HJT in there.now open the log file copy and paste it in this site.

http://www.hijackthis.de/en

Click analayze it will tell you what to have it fix and what not to fix.

after you are done reboot re-eanble system restore that should take care of it.

This might seem like a really stupid question. but how do i delete the files that need deleting?
and do i only delete the files with the crosses next to them?

the reason the virus might keep coming back is it may be hiding in your system restore area.

boot into safemode (hit f8 repeatedly during windows initial startup)
login as admin
right click on your harddisk and turn system restore off under properties (this wil delete any restore points!)
reboot back into safemode again and turn it back on
start windows normally

That's not a stupid question Bud.

No such thing as a Stupid Question just Stupid Answers.LOL

Yes when you paste the log in the analyzer it will have a green check next to good and a yellow next to what has been reported as non threat read the thing next to the marks the red Xs definetley Fix.

The yellow if your not for sure what they are fix anyway.

what you do is with HiJackThis is when you do a scan it has a list of stuff there will be a box next to each one.any box you put a check mark in and at the bottom click fix checked it will fix.

Not to tempt fate but it looks like its gone for now. Turned my computer on and off a couple of times and it hasnt appeared so thanks for the help. Appreciate it.

Man alive its come back... i cant believe it. I checked the HijackThis list and found that this (below) was the only red mark that came up. so i can only assume that this is whats causing the problem. Im getting pretty cheesed off, it could be a website that im going on that is getting the trojan on my computer. Any suggestion?O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
[IMG]http://www.hijackthis.de/gfx/state/nasty.gif[/IMG]
[IMG]http://www.hijackthis.de/gfx/state/rating_0.gif[/IMG]

The entry &AOL Toolbar search has been identified as nasty.

have hJT fix it unless you use AOL.the process above was the only way i found to remove it.

Try these.

Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

If it keeps coming back after the scans show it is gone, a web page you are using is putting it back.

Actually, this is a Smitfraud infection.

There are a couple dedicated removal tools for this.

-- A note on HJT and Online Analyzers.
Both miss a lot. An online analyzer is only as good as it's DB and there are a ton of baddies that do not show in a HJT Log in the first place.

-- Hazdude,
I'd be happy to help you clean this, time permitting (I am juggling a number of threads in a number of forums at the moment).
At this point, I am not sure what you have and haven't done to your machine. So, please do the following:
Please look at the steps I have written here and obtain the three logs as directed and post them here.
1- Kaspersky
2- AVG Anti-Spy
3- Fresh HJT Log

Often, there are multiple malware issues with this infection and it helps to get a good baseline from which to start. Those scans will do it and we'll go from there.

Cheers :)
PP

Thanks alot everyone who replyed i ran a couple off virus scans and deleted a few of the files they found and it seems to have disappeared.

Thanks again to everyone