bargain buddy variation eXact.ISEXEng

I have this eXact.ISEXEng [trojan] and haven't been able to get rid of it.
Can't find any reference to it in google
Comes back  wether you clean in safemode or not  

I also have an entry in highjack this that doesn't respond to removal  item 09

Logfile of HijackThis v1.98.2
Scan saved at 8:46:19 AM, on 10/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
D:\highjack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spam Bully for Outlook Express] "C:\Program Files\Axaware\Spam Bully 2 for OE\oespambully.exe" install
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1063 (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

roberttownsendAsked:
Who is Participating?
 
Tim HolmanConnect With a Mentor Commented:
Getting rid of the problem...

1)  Run a full Stinger scan in Safe Mode - http://vil.nai.com/vil/stinger/
2)  Install and run LavaSoft AdAware - http://www.lavasoftusa.com/support/download/
3)  Download and run latest version of HijackThis (HJT) http://www.tomcoyote.org/hjt/
4)  Post the log at http://www.hijackthis.de/index.php?langselect=english
5)  Run MSBA - http://www.microsoft.com/technet/security/tools/mbsahome.mspx & take appropriate patching action

Stopping it happen again...

1)  Ensure WindowsUpdate is set to update your system
2)  Download a pop-up blocker - eg toolbar.google.com
3)  Install Lavasoft AdAware and run regular scans, or just leave it and have it handy for when problems start recurring.
4)  Keep your AV software up to date - daily updates recommended.  www.clamwin.org and www.grisoft.com are good free ones...
Also, check this link for some free, limited-time trials of commercial products - http://www.microsoft.com/windowsxp/downloads/updates/sp2/antivirus/default.mspx
5)  Enable Internet Connection Firewall, or use ZoneAlarm if you don't use XP
6)  Stay vigilant.  Don't bother opening non-work related email attachments, or install an on-access virus scanner so that it doesn't matter if you do.
7)  Look at a host IPS - eg www.prevx.com, www.abtrusion.com, System Safety Monitor  to cover your machine between when a virus hits the wild and when a patch is finally released that fixes it.  Average time is roughly 6 days.
8)  Take an online privacy test http://www.anonymizer.com/privacytest/2.0/privacytest.cgi?test=2
9)  Set IE Privacy to High - IE > Tools > Internet Options > Privacy
10)  Reset Internet Zone Security to High - IE > Tools > Internet Options > Security > Custom > (Select High) > Reset
0
 
roberttownsendAuthor Commented:
I also scanned this log file on the web site and the only thing it flagged was item 09
0
All Courses

From novice to tech pro — start learning today.