Posted 13 June 2012 - 02:01 PM
I have an XP box (fully updated) that has a bizzare infection. Kaspersky reads it as trojan.win32.small.bmpj and it picks it up as trying to infect a windows installer file about every two minutes. Kaspersy can delete it, but then it re-appears and then tried to phone home to a set of servers in germany (according to the addres blocks performed by malwarebytes which is currently scanning. I've run a complete kaspersky scan and ran SAS, and didn't pick up anything, other than the fact the the infectet file (C:\windows\installer\4e41a6b3-c247-a512-48d5-49bf8a39e916}\u\80000000.@)keeps reappearing. I also ran TDSSkiller, which didn't find anything, and Tempfilecleaner, just for good measure. Can anyone give me any ideas where to go from here?