Found and removed WORM_AGENT.DFFZ and xyzdyn.exe infections; are there others?
I believe I have found and removed two infections from my machine: WORM_AGENT.DFFZ (which drops files named D:\mplay.com) and xydzyh.exe. In both cases I hunted through the registry, found references to the infected files in what were clearly bogus registry keys, and removed them.
Before the removal, I was getting occasional odd popups and had lots of copies of iexplore.exe running; now I don't and there are no overt symptoms.
Nevertheless, I tried going through your preliminary steps and found something disturbing: Panda ActiveScan runs for about an hour, claiming to find something like 72 infected files in the process, and then abruptly terminates before I can get it to write a log. Not surprisingly, Norton AntiVirus finds nothing wrong.
So I can't run Panda ActiveScan. I can, however, run DSS, and I did so. The log is attached. I also installed SpywareBlaster.
Looking at the DSS log, I see (around line 488) that there was a timeout "waiting for the Indexing helps service to connect". This suggests to me that some part of the xydzyh virus is still there, because I believe that "Indexing helps" is the malware service that xydzyh installed (and that I removed from the registry as part of getting rid of it).
However, I did check and that service is not still running, nor has xyzdyh.exe (or d:\mplay.com) returned to my machine.
So for starters, I would like to know how I can get Panda ActiveScan to complete, and what else I might do to verify the absence of infection.