So here’s what’s odd - Every couple of hours, even while my PC is idling and I’m not actively browsing, downloading, or anything, I get an alert popup from Avast!'s on-access scanner which says the following:
–
A trojan horse was found! There is no reason to worry, though, Avast! has stopped the malware before it could enter your computer. When you click on the abort connection button, the download of the dangerous file will be canceled.
Virus: Win32:Swizzor-gen [Trj]
Location: http://[don’t actually go here]bins.dns-look-up.com/bins/int/upAYB.int
VPS version: 0652-6, 12/01/2006
–
I looked up Swizzor and its variants and read all about its effect on the target PC, and have tentatively determined that I’m not really infected because I’m experiencing NONE of the symptoms of Swizzor infection. Also, I scheduled and ran a boot-time scan with Avast! and nothing was found. However, it is obviously very worrisome that I KEEP getting that message, always with the same web address as the location of the worm. Since the location isn’t even on my PC, there’s nothing to clean, so what’s going on?
It has to be one of two things:
1 - Someone else’s infected PC (among the thousands and thousands that I interact with during P2P file transfers) grabbed my IP address and is repeatedly attacking it
2 - (more likely) A downloader for Swizzor has been installed on my computer somehow (and is not being detected by multiple scans) and is repeatedly attempting to make the connection to that URL and infect my PC, always being headed off by Avast!
There are two things I did immediately prior to this starting to happen: 1) I temporarily halted Avast!'s on-access scanner to run Panda’s online scan through IE (IE… suspicious =p) 2) I started some new bittorrent downloads (I have been downloading nonstop for months, but it’s possible that I finally made a P2P connection with someone’s infected PC and it actually managed to find a loophole in Windows security, my nVidia firewall (set at generic Medium level at the time) and Avast! all at once.
SOoooo… I’m rather vexed. My OS has not been damaged in any way, and it’s all well and good to just keep hitting “abort connection” (lol), but I want to figure out what’s going on and resolve it. This seemed to be the forum to try first, considering I’ve been using Avast! as my primary resident AV for years now.
One more thing worthy of note:
I update and run scans with AdAware and Spybot S&D every week or two, and I utilize Spybot’s immunization database (and update it as frequently as possible). If there are any more excellent anti-spyware/malware programs out there that I can add to these two as part of my routine scans, let me know about them as well.
Thank you VERY much for any feedback/input/help you guys can provide me!