Undetector 1.2

Hello,

I’m using avast, XP SP2 with all updates… And I would like to know how to…

How to detect a virus encrypted by Undetector or another crypter…
After my firefox.exe tried to connect to “activespy.no-ip.org” (Outpost firewall detected firefox.exe).
I have scanned my PC with many antivirus or spyware tools, etc… no detection…

But I have scanned with some anti-rootkit tools, and FIREFOX appears as a “hidden process”. I have uninstalled Firefox, but now it’s iexplore.exe that appears as a “hidden process”…

After some analysis, I see some services are launched without my authorisation, like “Remote Registry Service”, Remote Access… etc… The registry can’t be edited by me… (Another program is accessing the registry…)
I’ll try to remove it with XP safe mode, but the same thing!!..

After disabling all services and processes, my firewall tells me “explorer.exe is trying to inject some code into iexplore.exe, messenger.exe, msmpeng.exe, etc…”

How to detect the real file that injects this malicious code? I think it’s launched by the svchost process.

Try the activespy forum for more information…

You should report this to no-ip.org as this link is someone using no-ip.org to redirect people to his PC acting as a server without having to host his own site.

You don’t say what anti-rootkits you have used; some are more dangerous than some malware and should be used with caution.

The fact that Firefox was listed in the Outpost logs doesn’t mean it is Firefox; there could be a browser hijack which is directing Firefox to this URL. Having got rid of Firefox, IE then becomes the default browser, and it looks like the hijack is also in force there.

Can you not run services.msc from the Windows Run command line and, once the services interface opens, set the remote assistance, etc. to Disabled?

I have explorer.exe permanently blocked on outpost pro.

These are more user friendly anti-rootkit tools.
Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.
AVG anti-spyware (formerly Ewido): resident scanner during trial, on-demand after trial ends. Or SUPERantispyware: on-demand only in free version. Or Spyware Terminator: resident scanner.