Virus scanner: McAfee 8.5, virus definitiosn up to date.
Firewall: FortiClient, setting "Normal".
Last sunday I was infected with a host of virii; it seemed that McAfee was able to block them all. I wasn't convinced though, found through FortiClient that a program ccdrive32 opened connections on almost every port. Since then, all hell broke loose.
On advice of a friend, I downloaded, installed and ran: MABM, SuperAntiSpyware, ComboFix (yes, I later read you shouldn't do that unsupervised) and VundoFix. VundoFix found no problems, SAS found and deleted around 30 trojans, ComboFix found a rootkit but couldn't delete it. SAS, MABM or McAfee find no rootkits, btw. Neither McAfee or the FortiClient scanner found anything at all.
After 3 days of intensive scanning and repairs, SAS, MABM and McAfee find no problems on a scan. However, every 5 minutes a warning from McAfee pops up:
I googled, and found similar problems (http://community.norton.com/t5/Norton-Internet-Security-Norton/Auto-protect-blocked-security-risk-W32-IRCBot-Gen-How-do-I-stop/m-p/175636) but no resolutions.
Clearly, I have some infection that my current programs can't fix. Any ideas? Thanks in advance!
Edit: I found this in my scan log:
2/3/2010 12:57:26 PM Niet gescand (time-out voor scan) NT AUTHORITY\SYSTEM C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Java\jre6\lib\rt.jar
2/3/2010 1:00:52 PM Verwijderd NT AUTHORITY\NETWORK SERVICE C:\WINDOWS\system32\svchost.exe C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\NYLP.TMP\SVCHOST.EXE W32/IRCbot.gen.ah (Virus)
The second line is the first time the message seems to have popped up; the line before was started 3 minutes before and for some reason mentions: "not scanned".
Edited by Boudewijn, 03 February 2010 - 10:27 AM.