Hi to all !
I have 2 PCs, both running Windows XP pro SP3, all updates till july; Symantec Endpoint protection.
Few days ago, I noticed that my PC was very slow; in task manager, I found a svchost running 100% of CPU. I found that this was due to windows automatic updates, I turned it off and all was OK. I tried to run Windows Update from Microsoft site, but the green bar "looking for updates" went over and over, finally I closed IE. I tried with the other PC, and the behavior was exactly the same. I tried many fixes from Microsoft, but no result.
This is the only sign that I have in my PCs. I surf the web with Firefox or Chrome OK, no pop-ups, no visible re-directions
Symantec Endpoint Protection doesn't find anything, and it runs updates fine.
I have MalwareBytes Antimalware free, it downloaded updates and run OK, and it finds nothing.
I ran Microsoft Safety Scanner: nothing found; Microsoft Defender Offline (boot from CD): nothing found; Avira Rescue (boot from CD): nothing found; TDSS Killer: nothing found; Symantec and F-Secure tools for Conficker (someone told me I could have that virus): nothing found.
Now, I remember that some weeks ago I had an alert of GoogleUpdate.exe trying to connect to Internet; since I have a portable Chrome, I was souspicious, and denied, then I went in the folder of the googleupdate.exe and deleted it without any problem. I know the strange rules of updating Chrome, so I thought this could be compatible with my portable Chrome, and forgot all.
But now, I read some topics about ZeroAccess rootkit and its use of GoogleUpdate.exe (in McAfee Threat Advisory).
I am very worried, so I am asking help to understand if I could be infected or not. In my house there are also 2 PCs running Windows 7 (starter and home premium), and they both are OK, make windows updates normally.
Thanks for any advice, forgive my English.
Edited by Chicchio, 06 September 2013 - 04:53 AM.