before i begin i will tell u what i have

latest versions and updates of

norton antivirus 2004
ad-aware
cwshredder
bazooka spyware scanner
browser hijack blaster

im not runnig MSjava, im using sunjava in IE browser.

a self running SMTP mass mailer virus/trojan has attacted itsself to svchost.exe and continally emails itself to random email servers such as aol and earthlink and att and yadda yadda(determined this from netstat in command line). only way i caught this was that i have norton set to scan all outgoing and incoming emails. a popup in the lower right corner opens from norton saying its scanning an email. norton lets the scan through.

there are no weird registry entries of any kind.

i determined the svchost.exe process that the virus/trojan was attached to by running filemon from sysinternals. i got the PID of the process and killed it. the mass emailing has stopped after that. upon the service restarting the mass emailing begins.

i got no clue what to do. :(

the virus/trojan tries to create a file called faeec41a.tmp in the folder

C:\WINDOWS\Temp

and i would guess its trying to take that file and mail it out

Got a name for the trojan or process running in svchost???

V...

try http://trojanscan.com/ to identify the culprit.

A firewall would stop undesired outgoing traffic.