Posted 27 August 2010 - 04:59 AM
Hello Sirs / Madams,
I have had a serious problem with my computer lately, leading me to suspect a virus/trojan infection. The symptoms are the following:
- Frequent system instability, CPU running at 100%, infrequent BSODs
- When I try to run a full system scan with McAfee VirusScan Enterprise, although I am setting up the program to scan All Files, only a small fraction of the files is scanned and most of them are skipped. Moreover, the program is no longer able to automatically update the virus definitions (it can be done manually)
- During the last 15 days, McAfee has found two threats during some automatic scans that are run overnight (unfortunately I accidentally deleted the log file, but the names of the threats were Generic Dropper!dge and Artemis!448D85D07)
- On some occasions when the computer is very slow and I try to restart it, I get messages about programs and drivers that "Do not respond and must be terminated". Among those, I have seen some strange name(s) of programs consisting of Asian characters (I am not Asian, nor do I have any Asian language installed on my PC)
- In the Access Protection Log of McAfee, I repeatedly see the line:
15/7/2010 5:18:43 πμ Blocked by Access Protection rule NT AUTHORITY\NETWORK SERVICE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\tftp.exe Anti-virus Standard Protection:Prevent use of tftp.exe Action blocked : Read
Other strange lines that occur in the same log:
18/7/2010 3:13:08 πμ Blocked by Access Protection rule C:\download\VeohWebPlayerSetup_eng.exe \REGISTRY\MACHINE\SOFTWARE\McAfee\DesktopProtection Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
18/7/2010 2:44:46 πμ Blocked by Access Protection rule C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\dimon0\Local Settings\Temp\wze6f1\procexp.exe Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute
19/7/2010 6:20:43 μμ Blocked by Access Protection rule C:\WINDOWS\system32\packager.exe C:\WINDOWS\Temporary Internet Files\Content.IE5\U16BUJOJ\C__DOCUME~1_PHILLI~1_Desktop_Bpcalc.exe Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute
I am running Windows XP Professional Service Pack 3, and I am at your disposal for any other information you might need.
Thank you in advance for your help.