win*.tmp files appear in C:\windows\temp

Hi I hope somebody can help.
About a week ago my system started to slow down (especially on start up).
Having been using both Zone Alarm for firewall and Avast for anti-virus for a while I did not think I had been hit with a virus/Trojan…but I think I have.
I did the normal things of scanning with Avast, nothing turned up.
I had read in these forums about Ewido and scanned using that (which did turn up quite a few items). Deleted these but something still didn’t seem right.
Now I find that in the windows temp folder a folder called _avast4_ which I’m not sure about and lots of files keep on appearing in the temp folder like "win*.temp" (where * is any number). There are also several other files in the temp folder some of which I can delete, some I can’t. Also on the C drive in the Program Files folder is an exe file with what must be a made up name "ybvjobqd.exe".
Please can somebody point me in the right direction.
Thanks :cry:

What is your OS ?
What other security based software do you have that might block new startup entries, e.g. Spybot S&D (TeaTimer), AdAware (AdWatch), SpySweeper, PrevX, WinPatrol, ProcessGuard, etc. ?

If the windows\temp folder is your assigned system temp folder then the avast4 folder is where avast unpacks the archive files so the contents can be scanned. The scanned files should also be removed after they have been scanned.

The Temp folder will attract lots of temp files; that is its purpose. What puts them there is what you might need to determine. Being a temp folder, the contents can be cleared. However, some of them might be in use, usually ones that were created that day, and they are likely to be the ones you can’t remove.

I would say that the ybvjobqd.exe file is likely to be some malware or other, and google doesn’t find any reference for it, which in itself is strange. You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner. If any other scanners here detect it, it is less likely to be a false positive.

Or VirusTotal - Multi engine on-line virus scanner

Did you run ewido from safe mode ?

If you haven’t already got this software (freeware), download, install, update and run it.

  1. Ad-Aware
  2. Spybot Search and Destroy
  3. Spywareblaster. Don’t install this until you are clean.

Whilst browsing or collecting email, etc., if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.

Download and run ATF Cleaner by Atribune in safe mode; that should clear your temp files. ybvjobqd.exe is a nasty, and again deletion in safe mode is best. However, for a more thorough cleaning of what looks like a malware infestation I would suggest a HJT log. Based on the limited information it appears to be one of the later smitfrauds; a fix is available here http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Yes essexboy,

I agree with you, and derf will also need killbox from here
http://download.bleepingcomputer.com/spyware/KillBox.zip
Download this and keep it ready until after the SmitfraudFix routine has ended.

polonus

I’m on XPsp2
I’ve also been using Spybot S&D for a while.

I have done 1 scan using Ewido in safe mode.

Just done a scan using Adaware in normal mode (detected about 15 criticals).
And an Avast Boot scan (nothing detected).

:slight_smile: Hi Derf:

Based on what has been shared in this thread and since you have Spybot, I recommend you post a request for help on THEIR Support Forums at: http://forums.spybot.info . They have Experts trained to guide you in the removal of anything on your computer that should NOT be there.