Each time I boot my computer, NIS 2010 detects malware that wasn't there before. Always the same thing -- Suspicious.Cloud, in a file called a.exe, in the users/GregSandow/appdata/local/temp directory.
NIS then deals with the malware, but each time I boot, it's recreated. Seems like I have some malware that's triggered when I boot, which NIS isn't detecting. I've run complete system scans, but nothing shows up. I've also run scans with other programs -- Ad-Aware and Spybot Search and Destroy, and they don't find anything, either. But clearly something is wrong.
I did some investigating, and found these programs in my temp directory:
495465.exe
arcotray.exe
audiodgt.exe
c2dll.exe
crscc.exe
halvsc.exe
I scanned these files individually with NIS, and NIS doesn't think they're harmful.
But when I open the NIS report about a.exe, and look at its origins, the files I've listed had a hand in creating it. That's how I found them.
Google searches for audiodgt.exe and crscc.exe show that both have often been identified as a threat.
I tried running audiodgt.exe and crscc.exe Sandboxed, and they created files that NIS detected, and reported as threats:
wcijjit[1].htm
ujsbrs.exe
zgzzjjwli[1].htm
vttgyjt.exe
smcvhost.exe
flash-hq-plugin45244[1].exe
So obviously I have problems, which NIS doesn't fully detect. Symantec should take note of this.
The boot problem is the one that most concerns me right now. A.exe is created each time I boot. How do I stop this from happening?
Thanks,
Greg