Got infected and trying to run removals. All get response like
"not a valid Win32 application"
Can run Hijackthis and Combofix. Logs attached.
Identified malware using AVG scan from a Ubuntu 7 live CD.
Seems that "c:\windows/system32/drivers/down" is being populated with nnnnnn.exe files of various sizes, repeatedly.
System Volume Information had infection, shared and cleaned (I think). Occasionaly I see such a file running in TaskManager and I kill it.
Most troubling now, cannot run malware removal programs like, Kaspersky, Clamwin, SpyBotSD.
Also, free disk space on C: increased some 7GB (120GB disk, had 5.3GB free before infection).
HOLD HOLD HOLD
1. Tried to run the removal program once more before sending the logs, THEY ARE ALL CAPABLE OF RUNNING
seems that the Combofix deletions DID help.
2. Free space on C: now up to 15GB
Would you please email *** if you have information, Thanks.
Thanks all for help
Mod Edit: Email address removed to protect against spam ~TMacK
Edited by TMacK, 20 January 2008 - 12:36 PM.