Dear Members,
I have been under attack for the past 2 weeks by an as yet completely unknown trojan or virus.
Usually I can type in the exe file names and come up with some information on the malicious files in question…not so with these pests.
Hoping somebody can assist.
My system:
Windows XP Professional - fully updated
Antivirus: Avast Free Anti Virus 7.0.1426 fully updated
Firewall: Zone Alarm ZoneAlarm Free Firewall version: 10.1.065.000
vsmon version: 10.1.065.000
Driver version: 10.1.065.000
ZoneAlarm Browser Security: 1.5.350.0
ZoneAlarm ForceField Spyware Scanner: 1.5.53.235
ZoneAlarm ForceField Anti-Phishing Database: 1.2.104.0
ZoneAlarm ForceField Spyware Sites Database: 04.155
Spybot: I have Ad-aware running, however as of yesterday I went back to Spybot S&D with the hopes it could be more successful.
The problem seems to work in the following order:
An AVAST message will pop up with the indication that a trojan has been stopped; this will usually be something like D001.exe, H001.exe, c001.exe, A10.exe etc. Avast seems to be able to protect my system from the assault, fortunately.
I then notice that in Windows Task Manager either one or both of the following processes will open: ftp.exe and cmd.exe. If I don't shut these processes down, Avast will deliver popups at an unbelievable rate!!! It would not be unusual to get upwards of 40 popups within a few minutes, the popups indicating as mentioned above.
In the C:\windows\system32\ folder numerous folders will propagate with names like i7472, i6533, i4504 etc. (these numbers seem to be random). I will then also get exe files forming in the same folder with names like D001.exe, H001.exe etc.
Over the past few days, I have run full system scans with Avast, and boot scans. I have run HouseCall Trend Micro and Spybot S&D as well as Ad-aware.
To resolve the situation I have attempted to stop ftp.exe and cmd.exe from actually opening in the first place, since this seems to be the way that the trojan attempts to download and install a virus or whatever is going on. However, ZoneAlarm doesn't seem to be able to stop this process.
I have done extensive searches on the web for any information regarding the existence of any of these files but with absolutely no luck. I can therefore only assume this is a world first.
I have a HijackThis report if this might assist anyone. I have to attach it since it exceeds the 1000 word limit on postings.
Kind regards and thanks for any assistance you might be able to provide