I have a HP Pavillion dv8000 Laptop running Windows XP Pro, x86 Service Pack 3, I am using Internet Explorer 7 as a web browser.
I use AVG anti-virus, Ad-Aware and have used SpyBot S&D, and Malwarebytes to check for viruses.
April 14, 2010, AVG found a "PUP Adware Generic2.ABZP", also found evidence of the same virus on the 21st of April in different places. On April 25, 2010 AVG found "Trojan Horse Dropper Generic2.CKX". All were fixed and placed in AVG Virus Vault.
Problem; I can get online and go to most all web sites I want to except, "Windows Update" or "Microsoft" webpage and any known Anti-virus sites. IE gives me the message (IE cannot display the webpage). I have used all the suggestions, such as update Active X controls and Java. I have disabled Restore to eliminate saving and re-infecting the computer.
I recently installed Online Armor Firewall to replace Windows Firewall. While checking Online Armors list of "allowed" Programs, I came across "Speedy PC". It was not something I recognized as having installed on my laptop, not listed in my Program Files or Control Panel –Add/Remove page, so checked for more info from Online Armor. This is the information they showed:
Size 375,487 byte(s)
Vendor SpeedyPC Software (Unknown)
Sighting 14-Apr-10 26-Apr-10
Actions Allowed by 33% user(s)
Also known as:
What does Au_.exe do?
Installer - Installs software on your computer.
Process - a process that runs on your computer
Au_.exe Version info
Au_.exe describes itself as follows. Note that this information can easy be faked
Product Name SpeedyPC
Product Version 184.108.40.206
File Version 220.127.116.11
Copyright Copyright © 2010 SpeedyPC Software
Description SpeedyPC Installer
Au_.exe is found in location(s)
Au_.exe has been sighted in the following countries
Italy 14-Apr-10 14-Apr-10
United Kingdom 20-Apr-10 20-Apr-10
United States 20-Apr-10 26-Apr-10
I find it ironic that the first sightings correspond to the first date AVG found a virus in my computer.
Tracked it down and it is located at "C\Documents and Settings\E. Jean Ruport\Local Settings\Temp\~nsu.tmp\Bu .exe"
The first time I checked with Online Armor, I am sure the exe was "Au .exe."
Also, The infection on April 24 that AVG found was "Trojan HorseDropper.Generic2.CKX" in "C:\Documents and settings\E. Jean Ruport\Desktop\a .exe"
I find this SUSPICIOUS!
It is not listed in my Program Files....
I checked it with AVG and MBAM but it showed clean in both.
As I am not able to get to Anti Virus sites on Internet Explorer could you please investigate this for me.
As for me I am going to Isolate this program as much as possible until I hear from you.
7:30 AM Tried to get AVG updated and updates failed so I Just Checked Online Armor again and it now has "Cu .exe" so this file is multiplying. The program is called Speedy PC. I have blocked them through Online Armor. Don't know what else to do.
Thank you for any help you can give, Jean
Edited by grammajean, 01 May 2010 - 06:28 AM.