My virus definitions are up to date and all versions are up to date too. While I was surfing the net, reading news, my Zone Alarm popped up and a file that I don't know asked for permission to access the internet. The file name is kxhlsftav.exe.
Of course, I denied access and quickly looked for the file at the usual places using different tools to scan the file.
All reported clean, including AVG and SAV. Although the name is new, the way it wormed itself in looks familiar.
Used Task Manager to stop the process tree, delete the file, delete the pf, delete the subdir (xxusbf), empty trash. Checked RegEdit and found the exe file at the usual places, hiding in Microsoft/Windows/CurrentVersion/Run (both user and local machine), waiting to restart on every boot.
Good thing Zone Alarm was working or else I'd be toast, as AVG and SAV did not think the file was a problem. I will keep checking the usual places for funny file names (most likely random names) for the next while.
I think there are other instances of the file but am not 100% sure. I deleted the file anyway. The time stamp is identical and I have no idea what it is. (vyilpp.exe) Looks suspicious enough.
The problem I have now is I cannot empty my recycle bin. It said it has 3 files. I looked and it is empty. When I try to empty the recycle bin, it gives me an error message: "Cannot delete Dd51: Access is denied."
Has anyone else come across this problem or know what I am up against?
EDIT: Moved to a more appropriate forum-MG
Edited by garmanma, 26 February 2010 - 09:49 AM.