After having my desktop profile configuration completely change on me at random (which was quite subtle… /sarcasm), I did a complete scan of my machine and found in this:
".../Documents and Settings/NetworkServices/Local Settings/Temporary Internet Files/Content.IE5//load[1].php"
Stupid me decided to run WAMP (in offline mode) on my computer, which seems to have opened up my computer to PHP execution vulnerabilities. Avast is now spamming me every 5 minutes with
“Malicious site blocked: 199.80.55.80/go.php?data=…”(the … being some absurdly long number of random string characters).
I have also been getting hits on:
".../Documents and Settings/NetworkServices/Local Settings/Temporary Internet Files/Content.IE5//gjfd[1].jpg" ".../Documents and Settings/NetworkServices/Local Settings/Temporary Internet Files/Content.IE5//olse[1].bmp" ".../Documents and Settings/NetworkServices/Local Settings/Temporary Internet Files/Content.IE5//wo0g[1].gif"and so on... all of these come up as "Win32:Confi[0]", and try as i might to get rid of the damn thing, it will still generate those random fake images (and delete them sometimes too). ??? Avast, AVG, Malwarebytes, Kaspersky, Symantec, and BitDefender will find the fake images, but none could find the ROOT of the problem... none of the Confickr scanners could find it either, yet the virus is still acting like / fake images are showing up as Win32:Confickr
I have followed the directions and suggestions of the links below, but none have worked so far… it keeps coming back! The worst part about it is that my system was COMPLETELY up to date with all the latest security patches and updates from Microsoft!! >:( >:( >:(
[b]https://forum.avast.com/index.php?topic=65462.0
http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99&tabid=3
http://support.microsoft.com/kb/962007[/b]
Any suggestions…? :-\
Thanks,
- Daedalus
