I’ve some persistent virus, creating new exe files in my Windows folder, all of them 4 characters long. ZoneAlarm detected 4 of these files trying to connect to the Internet; my last antivirus (Avira) didn’t detect these. I ran one of them through virustotal.com and the Avast engine detected a trojan downloader. After this I installed Avast, ran a couple of global analyses and another one before Windows loaded; it detected an infected file and erased it.
It’s been only a few hours since this happened, and right now ZoneAlarm alerted me again about another file trying to access the Internet, the same Malaysian IP (124.217.235.76). I’ve run a virus scan on this file and Avast hasn’t detected anything. Here’s the virustotal.com report.
Thanks for the help, Pondus. I downloaded the program, updated it, but found nothing after a full scan. I also tried Stopzilla, did a partial scan and it found a few infected processes running in memory. Not sure if it will help, but I’ll try a Windows system restore tomorrow and see if I get more warnings.
To avoid using multiple posts with copy and paste, you have to attach the logs.
Lower left corner: Additional Options > Attach (OTS log); save the OTS log as ANSI.
This is just additional information. Later, when essexboy comes in, follow his instructions to the dot. The info I have found on your apparent infection: C:\WINDOWS\kdhr.exe 66051 2011.07.03 02:20:02.000 2011.07.03 02:20:02.000 2009.01.09 10:54:24.093 0x6 was mentioned in this analysis: http://camas.comodo.com/cgi-bin/submit?file=986bf9e384569d4688f7a0e713719b49a289bf24a75807e33cc7a800188e96b1&iframe=
It is quite recent, as you see, first seen at the beginning of this month. MD5 hash = 8832bc73b69cc7e50fdbce31f7dc9ec5. Also found as part of vc_is2.exe, which will create 4 hidden rootkits, dtmn.exe, pdwa.exe, uhcd.exe and kdhr.exe, in C:\WINDOWS (could have come down with a torrent download or a trojan downloader via an iFrame hack),