Indications of infection.
1. too much activity on the network symbols, mostly outbound. When I checked it, I had 10,000 packets in and 140,000 out.
a. Checked this & that and determined that Mcii... might have been replaced by a backdoor. Deleted the two MciiService???.exe and MciiServiceHost.exe. This stopped the HIGH COUNT outbound but I'm not sure that I have completely eradicated the backdoor?
2. Occasional freezes of my mouse and occasional runaway of the keyboard input, where 15 - 25 repetitions of the last letter or space are repeated.
a. Did more checking and identified that a Wuauclt.exe was infected and probably a backdoor file. I have removed this file. It returned, more than once. I eventually deleted everything in the system32 folder I found these files in. I have not had as many occurrences as before but it does happen infrequently.
b. This time I'm not sure where to start looking for additional clues to why my system misbehaves two or three times a day.
3. Kaspersky reports: Kernel mode memory patch!
a. I don't know what this error means. It is not listed as critical. However, in my mind, this is a VERY critical error. Nothing should be patching the kernel area. This is a substantial part of the reason that I think I still have rootkits running on my system.
I generally think I need a more systematic approach to ridding my system of these parasites. I've tried all the usual clean up procedures.
I have run: Kaspersky, it did not find the problems above.
Trend Micro Housecall, it did not find the problems above.
Something from the aumha Parasite Fight Quick page; it did not find the problems above.
I found those problems when I started doing individual google searches of what was in my process list, starting with those with most activity. In my frustration, I have run combofix some time in the last three weeks. This is a second infection in the last six weeks. My impression that I was infected by the torrent site last week has to do with the sudden increase in freezes and the slowdown when the system was sending out packets like crazy.
So, please help. In the meantime I will try to get into the training courses as I hate not understanding what I'm doing and where I'm going. And by virtue of fixing my own problems, I seem to be a resource for a lot of people who are having problems and are significantly more clueless than me.
Edited by plaidhat, 22 January 2010 - 05:39 AM.