Posted 30 January 2011 - 05:27 PM
I can't offer any help yet, but I just got hit with the same thing, although in my case it called itself "Antivirus .NET". Symantec AV caught the java script installer after the install, but not that application. MalwareBytes seemed to remove the "Antivirus .NET", but I still can't access Windows Update, and my PC is making a slew of http connects through a svchost.exe instance that start with a DNS lookup for z0g7yalil0.com. The connection to z0g7yalil0.com returns a list of other addresses for it to go hit. I have two different spyware scanners and one rootkit detector that aren't finding anything, perusing my HijackThis log hasn't turned up a root cause, and browsing through the registry hasn't found anything suspicious either.