Last week a routine SpybotS&D scan detected the trojan Bifrose.LA on my computer, with an AdAware scan detecting Win32.TrojanDownloader.Agent.am afterwards. I posted in the HJT log forum and MFDnSC helped me out. After taking his advice I am no longer getting positive detections from any of my anti-malware scanners, but my computer is still being a little worrisome. MFDnSC told me to post in this forum to get help.
Here's the original HJT thread:
As you can see from that last post, my AVG email scanner is still occasionally popping up a window that says it's connecting to "10001265696.0000029181.acesso.oni.pt:110". I have *no* idea what that is, and the behavior just started last week. I switched my AVG email scanner to log "Maximum" info, and now when the acesso.oni.pt message appears I'm getting this in the log:
2.1.2007 17:41:09.937  AutoPOP3(10110): Connection from process 3436
2.1.2007 17:41:09.937  AutoPOP3(10110): Connection from 127.0.0.1:3898
2.1.2007 17:41:09.937  AutoPOP3(10110): Will connect to 126.96.36.199:110
2.1.2007 17:41:10.015 [ea0] AutoPOP3(10110): Client connected
2.1.2007 17:41:10.015 [ea0] OpenInternet = 0
2.1.2007 17:41:10.015 [ea0] AddTrayIcon()
2.1.2007 17:41:54.062 [ea0] AutoPOP3(10110): Cannot connect to 10001265696.0000029181.acesso.oni.pt:110
2.1.2007 17:41:54.062 [ea0] AutoPOP3(10110): Connect: The operation completed successfully. (0)
2.1.2007 17:41:54.078 [ea0] AutoPOP3(10110): PROXY:S:-ERR AVG POP3 Proxy Server: Cannot connect to the mail server!
2.1.2007 17:41:54.078 [ea0] CloseInternet = 1
2.1.2007 17:41:54.078 [ea0] RemoveTrayIcon()
2.1.2007 17:41:54.093 [ea0] AutoPOP3(10110): Client disconnected
Of course, my concern is that my computer is still compromised by some sort of backdoor type thing. Anyone seen this before? Anything in particular I should look into?
Thanks in advance for any help...
Moderator Edit: Moved topic to more appropriate forum. ~ Animal
Edited by Animal, 02 January 2007 - 09:20 PM.