Possible Virus or spyware?

[TurboMike]

Hi. I got home and logged onto my personal computer.

Zone Alarm starts going off imediately saying 3848747.exe is trying to access the internet.

I click "deny" and then 30 second later another one pops up.

I go to look where it's originating and find that there are exe files be created in the temp folder. I delete them and they start coming right back. They are a random series of numbers with a exe extension (ex 48385.exe, 548732.exe, etc.).

I run AVG Antivirus and it didnt find anything. I looked for something odd.. new program installed or something and couldn't find anything.

Anyone heard of this? Im running 2000 Pro btw.

 

[CalvinHobbes]

Follow the instructions in the thread the security forum.

 

[dealmaster00]

Yep, it's definitely a virus/spyware.

 

[mechBgon]

If you want the malware ID'ed, upload copies of the files to http://www.virustotal.com. If your ISP blocks them en route, click the padlock icon to send it via SSL. I'd be curious to hear what the results of the scan are, if you want to paste them here.

My prediction.... *holds monitor in both hands with eyes almost closed... ahhhhh yes, I feel the malware* ...an Alphabet variant. Survey says?



If I can suggest something else, uninstall AVG Feeble Edition and try this alternative. Max out all the detection options and set the sliders to HIGH, then update and run a full scan.

Also, run these:

Microsoft Baseline Security Analyzer Fix all the issues it flags.

Secunia online checkup The bad guys target stuff you might not be updating. This should help you fix up some of the top targets.

Microsoft Update (for obvious reasons)

And I would suggest creating a new Administrator-class user account just for actual Admin work, then switching your own usual account to Restricted User (the equivalent of a Limited account on WinXP). Much more secure in daily-driver operation.