My English isn’t very good, but I’ll try to explain as detailed as possible what have been happening…
Every time I try to access the internet, I get a virus detection message from Avast 4.8, stating that my PC is infected with several different kinds of worms and viruses. It happens only when my internet connection, whether dsl-cable or wireless, is active.
This is the log I’ve retrieved from Avast Log file, stating which viruses were detected in the last couple of days:
1/6/2008 13:01:20 SYSTEM 1380 Sign of “Win32:OnLineGames-DQP [trj]” has been found in “C:\WINDOWS\system32\zdesfx.dll” file.
1/6/2008 13:01:13 SYSTEM 1380 Sign of “Win32:OnLineGames-DQP [trj]” has been found in “C:\WINDOWS\system32\jhrcar.dll” file.
1/6/2008 13:01:11 SYSTEM 1380 Sign of “Win32:Wow-FXJ [trj]” has been found in “C:\DOCUME~1\usuario\CONFIG~1\Temp\21.gif[FSG]” file.
1/6/2008 13:01:10 SYSTEM 1380 Sign of “Win32:Wow-FXJ [trj]” has been found in “C:\Documents and Settings\usuario\Configurações locais\Temporary Internet Files\Content.IE5\O4QU002G\21[1].gif[FSG]” file.
1/6/2008 13:01:00 SYSTEM 1380 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\usuario\CONFIG~1\Temp\down.gif” file.
1/6/2008 13:00:58 SYSTEM 1380 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\usuario\Configurações locais\Temporary Internet Files\Content.IE5\GXY79WI4\down[1].gif” file.
1/6/2008 13:00:50 SYSTEM 1380 Sign of “Win32:Agent-IYU [trj]” has been found in “C:\DOCUME~1\usuario\CONFIG~1\Temp\9.gif[FSG]” file.
1/6/2008 13:00:49 SYSTEM 1380 Sign of “Win32:Agent-IYU [trj]” has been found in “C:\Documents and Settings\usuario\Configurações locais\Temporary Internet Files\Content.IE5\0ETFJ9XQ\9[1].gif[FSG]” file.
1/6/2008 13:00:40 SYSTEM 1380 Sign of “Win32:OnLineGames-DJV [trj]” has been found in “C:\DOCUME~1\usuario\CONFIG~1\Temp\7.gif[FSG]” file.
1/6/2008 13:00:39 SYSTEM 1380 Sign of “Win32:OnLineGames-DJV [trj]” has been found in “C:\Documents and Settings\usuario\Configurações locais\Temporary Internet Files\Content.IE5\FYHZYX2D\7[1].gif[FSG]” file.
1/6/2008 13:00:35 SYSTEM 1380 Sign of “Win32:OnLineGames-DQP [trj]” has been found in “C:\WINDOWS\system32\hhrdxd.dll” file.
1/6/2008 13:00:28 SYSTEM 1380 Sign of “Win32:OnLineGames-DJV [trj]” has been found in “C:\DOCUME~1\usuario\CONFIG~1\Temp\5.gif[UPX]” file.
Avast detects these viruses, but is unable to find which file is creating all these malwares.
Threat Expert Memory Scanner doesn’t find anything suspicious or malicious running in memory.
Bankerfix, which is developed by linhadefensiva.org, also does not detect any threat.
Does anyone knows what’s happening?