|
A bit of a disappointing day. The computer went 24 hours without any signs of anything being amiss, now I'm back to square one again. I've deleted the System32/wins directory and is has not come back. But those perflib data files eventually appeared in System32 again, followed by an NTMSJRNL in the System32/Ntmsdata directory. And now I have a test.exe file in System32 which is doing the same thing as the old svchost.exe file did in the wins directory - constantly uploading information, etc. I ran Kaspersky and got the following.
Number of viruses found: 1
Number of infected objects: 0
Number of suspicious objects: 4
Duration of the scan process: 00:34:30
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TIBS11.zip/125316.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TIBS11.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TIBS16.zip/125316.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TIBS16.zip ZIP: suspicious - 1 skipped
cheers,
Mark
|