Posted 06 April 2008 - 11:05 AM
Can someone please advise me on what to do? Upon starting my computer yesterday, I got an alert from BOClean that this trojan was found in C:\Windows\System32\Drivers\KMXAGENT.SYS. The alert stated that the trojan was shut down, removed, and registry cleaned. After I closed the alert, Spybot asked me about accepting the registry change, deleting values to these items: NDSTray.exe, TFncky, and sbusbAudCtrl. Believing this was what BOClean had done I accepted the change.
Less than a minute later a windows installer dialog box appeared, preparing to install something it said was from Wal-Mart Music Downloads Store. I was not at the site, didn't have a browser open, and it didn't seem legitimate to me, so when the firewall asked about allowing it I refused it. The installer kept on and on popping up and I kept having to close it. Eventually I opened the Control Panel and removed it.
I had a bad feeling that there's more problems, but I ran a Norton full system scan, as well as a Spybot scan and neither turned up anything but tracking cookies. When I shut down afterward, a message came up saying Access violation, followed by some numbers, but it flashed so briefly I couldn't get them down...then another message "ccSyCHst.exe application error...again it was gone before I could get it all.
Today when I started up, another alert about this trojan horse, still in this same file. This time BOClean said it removed the trojan but the file still existed and did I want it removed, to which I said yes. Then Spybot asked about allowing the registry deletion to ISUSPM at C:\Program files\Common Files\Install Shield, and I agreed. Later after doing some reading here I registered and attempted to post, but got a message about the forum being down temporarily for some work. Just now when I started the computer back up to try again to post, before anything had even loaded up, a windows installer box was trying to install something, which I cancelled. This is way beyond me, and it's really scary to know that even with several layers of protection, and "safe' surfing something still got through.
I hope someone can help. I'm running XP Home Edition with Service Pack 2, and IE7. Thanks!