2 days ago I got my IP blocked by a web site because I was identified as a spammer. This was obviously due to a non-detected virus on my PC (I was using AVG). I downloaded Avast. It detected one or two Trojan and remove them.
I felt safe after the removal and requested my IP to be delisted from the anti-spam web site. But 6 hours later my IP got listed again !..
So I installed ZoneAlarm to control the outgoing traffic and I finally got a process that tried to access the internet. The program was something like 65xcsshd65.sm.exe and was located under C:\Documents and Settings\francis\Local Settings\Temp. In that folder I found around 40 .EXE of the same kind (name always starting with 2 digits, then a string of 5-6 characters and again two digits). I deleted them all but as expected the process was still running somewhere. This morning I saw 10 of these processed requesting the access to the Internet.
As Avast does not detect this virus, what should I do ?
There are a couple of stand alone scanners you could try besides Stinger.
I recommend you try DrWeb CureIT! first, and then Trend Micro Sysclean: go for the Controlled Pattern Release definitions as these contain the most recent malware. You will need to temporarily disable avast! while scanning.
As your IP is blocked I guess you’ll be downloading from another computer, so don’t forget to download the signature database so you can update the program when you install it.
If you do have Internet access, you could try some online scanners listed on the page above: I’d recommend Panda and Trend (if you don’t use Sysclean) and also F-Secure, but you will need to disable avast! during a Panda scan.
I’ll try all that tonight (I’m at work at present).
My IP was blocked for emails only and since I blocked the spammer with ZoneAlarm my IP remains unlisted.
So it worked pretty well. I was infected by Spambot and MedBot.
However, hopefully Avast was installed on my Media Center. I ran DrWeb CureIt on the MCE PC and it did not find anything so I re-opened the internet access for Media Center and continued to watch my movie … when I heard in the movie “Alert ! Alert ! too many emails sent in a short while”. I quickly switched back to Windows and saw Avast blocked emails going out from my PC. In fact for some reason the scan by CureIt did not find the SpamBot virus. I did the meticulous clenaning again and now it seems to run fine.
I really like Avast and I found it much more powerfull than AVG.