- I scanned the system with Avast.
- I scanned the system with Avira Antivir.
- I scanned the system with Gdata.
- I went back to Avast and performed a boot-time scan.
- I scanned the system with Malwarebytes. It found 1 item:
Malware.Trace | Registry Key | HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvIDI deleted the VB... key manually though this undoubtedly won't fix anything.
Various programs are attempting outgoing TCP connections on port 80 to 89.114.195.* [akamai*.ipv4ilink.net]. I can't fathom a legitimate reason for this. From what I can tell, that domain belongs to a Romanian company, not Akamai. Programs that have exhibited this behavior so far:
- svchost.exe [Cryptographic Services]
- An Avira Antivir executable whose name I don't recall.
- AcroRd32.exe [Adobe Reader]
- plugin-container.exe [Firefox Flash Player process]
- firefox.exe [Mozilla Firefox]
The last one is the most disturbing, since it means the connections went through the firewall unhindered for God knows how long until I realized what was going on. I am sorely tempted to format the Windows partition and start over. The trouble is, apart from the immense effort it would take to rebuild, the first thing I would do is reinstall my old programs. With none of the anti-viruses finding them suspicious, I'd likely end up back to square one before I knew it.
I'm at my wit's end and I would really appreciate some help.