Hi i7 -

 

Weird! It should, judging by the older date of this.

 

Download, Install and Update - Malwarebyte's AntiMalware - www.malwarebytes.org - disconnect from the Internet and run a complete system scan.

 

Let's see if MBAM picks it up and throws it into Quarantine. If so, then delete it.

 

Did *you* submit this to ThreatExpert?  Additionally, If you can get to the actual file also submit it at:

 

https://submit.symantec.com/websubmit/retail.cgi

 

Let us know what the result is.

 

 

Have run MBAM, SAS and Spybot and nothing flags.  I did not submit it as it appears exactly the same as the one previously posted on ThreatExpert.  Unfortunately I deleted the primary file but stopped short of doing anything further (such as registry edits).

Hi i7 -

 

Ok. Let's then try this:

 

http://www.emsisoft.com/en/software/stick/

 

We will evaluate from there.

 

TIA

Try a Hijackthis log to see if there is anything it was attached to that might still be there.  When you ran the MBAM did you disable system restore?

 

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

 

You could paste it here for one of the pros to have a look at.

Firewall logs show the connection occurs every 2min.  Netstat also shows the outgoing connection on port 8653.  Have captured the IP it is going to (in China).  Connection is through a router.  NIS firewall is not blocking it. 

 

Will not have access to the infected computer until later today.

Hi i7 -

 

OK. Please let us know.

 

BTW - What operating system are you using?

 

fully patched XP SP3.  System restore was turned off then back on so no old restore points

Hi I7 -

 

Good - so please follow the steps in order (that you have not done yet) so we could isolate and eradicate.

 

Look forward to hearing from you.

 

TIA

 

 

BTW - has any "weird" software been installed on this computer, lately?