spotlizard

Everything posted by spotlizard

  1. My thanks to all those who replied, and my apologies for the lateness of my reply. I was able to remove the final traces of this infestation using ComboFix (there were a couple of hidden trojans lurking in the Application Data and Network Services folders). Since then everything has been running smoothly. No more blocked outbound attempts. FWIW, I've seen similar IP addresses posted in other forums and it appears as though this is some new variant of the PWSteal trojan, only a little smarter and harder to find. Best regards.
  2. Hi, I was recently the victim of the WinScanner virus. I caught it as soon as it landed (thanks IE8) but it invited quite a few of its friends down to play. Using a combination of Hijack This, ASquared, MBAM, Spybot S&D and Symantec AV I was able to get my system to scan clean; however, things are still not right. If I log in to my PC as a different user (and hence a new user profile) neither IE nor Firefox will launch. I ran SFC /SCANNOW and nothing out of the ordinary showed up; however, when I log in under my profile I can launch both browsers. Periodically, I see a message from MBAM that it blocked outbound access to a potentially dangerous site. The IP address of the site is 91.217.162.64 which, according to WHOIS, belongs to a block of addresses in Russia. Does any of this sound familiar to anyone? Is there another scanner I could use to identify this? Based on what I saw, this thing dropped a few trojans, installed some browser pre-loaders and BHOs and one rootkit. All of those are now gone and the system scans clean with every scanner I've used but I'm very suspicious of this IP address attempt and the fact that the browsers are not working in other profiles. Any suggestions would be very gratefully received. Best regards, spotlizard