
Author Topic: Malware that renames itself on reboot  (Read 3449 times)


ShadesOfGrey
Re: Malware that renames itself on reboot
« on: November 24, 2004, 05:40:10 AM »
Most likely you have another trojan horse that's running during Windows startup.  You might want to take a look at HiJackThis, it pretty much shows you all the stuff that's being started at startup (plus has some basic browser hijack prevention).  Keep in mind that this app lists all 'startup' programs, the good (legit) as well as the bad.  But usually it's pretty easy to determine what's legit and what's not...  You can also try using MSConfig (run it, "MSCONFIG" from the Run dialog or the command prompt), which can disable many of the items that run at startup.

Also, take a look at SpyWareBlaster...  It's a spyware blocker, not scanner...  Think of it in terms of SpyBot's Immunization.  Anyway, it catches something that SpyBot doesn't...  In fact SpyBot's author recommends SpyWareBlaster as a supplementary tool.

Beyond that, given your friend's situation (using Windows and ME at that), I'd recommend a dual boot system.  One boot for potentially dangerous surfing and the other for serious work.
Unless otherwise explicitly stated, this message is not meant to affirm nor deny, defend nor offend any faction within the 'Amiga' Community.
 

ShadesOfGrey
Re: Malware that renames itself on reboot
« Reply #1 on: November 24, 2004, 05:49:58 AM »
Kill BackWeb!!!  Not only is it Corporate Spyware, it's Corporate Spyware at its worst.  It's buggy, resource hungry, and I've never seen it actually do what it claims to.  For example, my brother has a Logitech MX wireless mouse and the driver update software is BackWeb based.  Even when manually forcing the software to check for updates it never finds any, so he or I have to go to Logitech's web site to d/l driver updates instead.

Now I remove or block all BackWeb software.
 

ShadesOfGrey
Re: Malware that renames itself on reboot
« Reply #2 on: November 24, 2004, 05:51:29 AM »
Quote

adz wrote:
You might also want to have a look at CWShredder as well. In the end it is probably better to "format c: /u" and start again.


I knew I was forgetting something!!!