Posted 07 May 2009 - 03:22 AM
New to the forums, but been around computers for more years than I care to remember. I've had my fair share of viruses, spyware etc. and managed to get rid of them on my own with great success. Granted, I've been lucky and not been hit in years, so it was bound to happen. And now I'm a little out of practice with the best techniques.
Got infected over the weekend, not sure how it got in, but it did. I was running AVG for free, Windows Defender and Windows Firewall; I'm sat behind a Draytek Vigor router with a hardware firewall. Anyway, tried the usual at the time, AVG etc. Couldn't remove it.
Found a few rogue .exe on my system; one of them was LD08.exe.
Anyway, I was due to flatten my PC so I did. F-Disk'd the hard drive, and re-formatted using NTFS - Full not quick format. Installed a trusted Windows XP with a slipstreamed SP3. Also bought F-Secure Internet Security on the advice of a colleague, who has deployed it at his business and was impressed with the quality of the product.
Installed this before I connected to the internet (just to be safe) and then started re-installing all the programs I use (which are all legit). Things seemed to be going fine until all of a sudden I noticed that Task Manager was greyed out, which I thought was odd. Did some research and found that regedit also didn't work.
Read up on the web and installed Spybot S&D, which found the Win32.Agent.pz, always in or around the same reg key - network UID in HK users.. can't remember the full link. Also at around this time F-Secure found and deleted the following virus: Trojan-Spy.Win32.Zbot.tdj.
Since then the Win32.Agent.pz keeps coming back. Installed Malwarebytes, it found "Rogue.Virus Agent" or something similar, 3 entries and removed it which it. Even after all of these positive results the damn thing keeps coming back. I'm at my wits' end, I'm three days into this with no real success.
I have nothing running in process that I'm not expecting. I have no suspicious (as far as I can tell) *.exe in the Windows folder.
Any help would be great.