I have some major problems with my desktop PC. I posted a query some hours ago but it no longer seems to appear on the www.computing.net website so I’m re-posting.
Yesterday I was visiting some websites when my AVG (7.5) started throwing up all sorts of warnings that changes were being made to my system. I immediately disconnected and did a system scan which indicated that the following had changed:
Then a full scan showed:
C:\Documents and settings\default\local settings\temp\AC25.tmp (Trojan Horse Downloader.generic8.ZVT and deleted by AVG).
C:\Documents and settings\default\local settings\temp\BN11.tmp (Trojan Horse Sheur2.ZZF and deleted by AVG).
C:\WINDOWS\system32\crypts.dll (Trojan Horse Downloader.Agent2.AVE and deleted by AVG).
It also found Rootkit-Agent.CW, but I can’t now see how I discovered that.
The PC itself works more or less normally, but apart from sending this message I have not connected it to the internet since. But I have configured AVG to tell me of any attempts to connect to any IP addresses. It seems as if any programme I start (including AVG) tries to communicate with one of half a dozen IP addresses, none of which there should be any reason to do so and 2 of which are dubious Latvian IPs. I tried to connect to the internet once, but unless it was routed through one of these IP addresses it wouldn’t let me connect.
So far, apart from running AVG scans a few times, I have also switched off the system restore. I have also run Malwarebytes and carried out the actions it recommended.
I have also now run HijackThis 2.0.2. Even to my untrained eye (and I am very much a novice when it comes to this) some of it looks strange. For example:
O1 - Hosts: ::1 localhost
O1 - Hosts: ??????????????? secure.spywareprotector-2009.com
O1 - Hosts: ??????????????? browser-security.microsoft.com
O1 - Hosts: ??????????????? spywareprotector-2009.com
O1 - Hosts: ??????????????? www.spywareprotector-2009.com
I can attach the complete report if required.
Any suggestions as to how I can get rid of these problems? I’d rather not have to reformat and reinstall if I can possibly avoid doing so. When I did a scan on Friday the system got the all clear, so it all seems to have happened on Saturday.