Trojan horse Generic 15.ARFB

Hello,

Since Sunday when the modem is turned on get the following message every 5 minutes:
File: lovun.ru/images/judex.exe infection: Trojan horse Generic 15.ARFB

I'm running Win Vista SP2
AVG 8.5.425 with latest update.
Since it started I run also:
Malwarebytes
Trojan remover
SuperAntiSpyware
Spywarefighter
Spybot-S&D
All came clean.

Please note that when the modem is turned off the message doesn't appear.
I searched the web for 15.ARFB and came with 0 results.

I'm attaching attach.txt and dds.txt
I run 3 times RootRepeal.exe and got an error message box (empty) and the scan stopped and I could not get the data.
It stop at file:
c:windowswinsxsmsil_cscompmgd_b03f5f7f11d50a3a_6.0.6001.18000_none_18976aa08b000


Any idea ?

Thanks in advance,
Shimonk

I managed to see the RootRepeal Error message: "Attempting to write to address 0x00000004"
When I press OK the process disappears.

Merged posts. ~ OB

Edited by Orange Blossom, 10 November 2009 - 05:56 PM.

Hello All,

During the last few days I tried various trojan removers. None of them is even locating the problem.
I upgraded AVG to version 9. Same results.

As far as I can see the trojan horse is leeching over one of the processes Plug and Play and DCOM (both using same PID), via svchost.

I blocked the lovun.ru site at my router. see the attached log of 30 minutes:

2009/11/13 18:20:09 : 192.168.1.106 has tried to access the blocked web site lovun.ru
2009/11/13 18:25:08 : 192.168.1.106 has tried to access the blocked web site lovun.ru
2009/11/13 18:30:07 : 192.168.1.106 has tried to access the blocked web site lovun.ru
2009/11/13 18:35:07 : 192.168.1.106 has tried to access the blocked web site lovun.ru
2009/11/13 18:40:06 : 192.168.1.106 has tried to access the blocked web site lovun.ru
2009/11/13 18:45:05 : 192.168.1.106 has tried to access the blocked web site lovun.ru
2009/11/13 18:50:04 : 192.168.1.106 has tried to access the blocked web site lovun.ru

Waiting for someone's help.

Note: when I googled for 15.ARFB I get only my post.

Merged posts and removed unnecessary quote. ~ OB

Edited by Orange Blossom, 21 October 2010 - 08:46 PM.
Removed no longer relevant content. ~ OB

I can not wait any longer. I format the drive, re-install Vista.

Thanks.

Since this issue seems resolved, I am closing the topic.

If you are the original topic starter and you need this topic re-opened, please send me a PM

Everyone else, please start a new topic.