Virus I can't remove...

[theoneptd]

It started out about 2 weeks ago. I took notice my computer was acting a slow, and my cable modem's transmit and receive lights were constantly going, like I was doing something over the internet, ie. playing a game or browsing the web.

I talked to a bunch of friends and some suggested the program called Axence NetTools, so I went to their website and downloaded it. I am computer literate but it took a little to find out what I needed it to show me.

I clicked on the Local Info button, along the top of the screen, and it brought up all of my network traffic, incoming and outgoing. and to my suprise there were over 50 connections using the same PID, and used the svchost.exe program. The connections (on the remote side) would be connected on port 25, and the ip addresses, and domains seemed to be mostly mail servers.

I basically terminated the process ID that all this was causing, and then all my network activity went back to normal, even my cable modem stopped the activity.

I thought I was safe but a few hours later, I walked by my computer and saw the cable modem lights going nuts again, so I check my network activity, and sure enough the same thing was going on.

After restarting my computer, I monitored my activity, and it seems either a specific domain is polling my computer or the virus contacts the other computer to let it know I am online, it goes to reverse-mtl-60-87.existservers.com and after it contacts that address, all hell breaks loose and all of those connects start spawning.

One day, I had over 100 connections.

No virus software has been able to detect it, and I have been trying multiple free ones just to see if any can find it. I am at my whits end on this.

Thanks for taking the time to read this,
C.W.

[johnwill]

Please follow this HJT Log 5 Step Process to post a HijackThis log in the HijackThis Log Help forum here.