System Info:
OS: Windows 7 Ultimate
CPU: E8400 (@ 3,00GHz)
GPU: GTX280
PSU: 650W
RAM: 3GB
Antivirus: Nod32 V.4
Also installed: Malwarebytes' Anti-Malware and SUPERAntiSpyware.
Problem:
Today, almost every 15 minutes, NOD32 notifies me with 2 notices:
This is the first one that shows up:
5/12/2009 2:47:23 μμ HTTP filter file http://91.212.226.178/anime3CL.exe Win32/Kryptik.BHG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Windows\System32\svchost.exe.
And this is the second:
5/12/2009 2:47:25 μμ Real-time file system protection file C:\Windows\TEMP\rnpx.tmp\svchost.exe Win32/Kryptik.BHG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\System32\svchost.exe.
I have scanned with NOD32 and with Malwarebytes' Anti-Malware, and deleted what they found.
I also scanned with SUPERAntiSpyware and it found this one:
Trojan.Dropper/SVCHost-Fake
What can I do?
This is the Nod32 Log file until now:
5/12/2009 3:02:31 μμ Real-time file system protection file C:\Windows\TEMP\xqoe.tmp\svchost.exe Win32/Kryptik.BHG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\System32\svchost.exe.
5/12/2009 3:02:31 μμ HTTP filter file http://91.212.226.178/anime3CL.exe Win32/Kryptik.BHG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Windows\System32\svchost.exe.
5/12/2009 2:57:29 μμ Real-time file system protection file C:\Windows\TEMP\rlfc.tmp\svchost.exe Win32/Kryptik.BHG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\System32\svchost.exe.
5/12/2009 2:57:28 μμ HTTP filter file http://91.212.226.178/anime3CL.exe Win32/Kryptik.BHG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Windows\System32\svchost.exe.
5/12/2009 2:52:26 μμ Real-time file system protection file C:\Windows\TEMP\ntet.tmp\svchost.exe Win32/Kryptik.BHG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\System32\svchost.exe.
5/12/2009 2:52:26 μμ HTTP filter file http://91.212.226.178/anime3CL.exe Win32/Kryptik.BHG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Windows\System32\svchost.exe.
5/12/2009 2:47:25 μμ Real-time file system protection file C:\Windows\TEMP\rnpx.tmp\svchost.exe Win32/Kryptik.BHG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\System32\svchost.exe.
5/12/2009 2:47:23 μμ HTTP filter file http://91.212.226.178/anime3CL.exe Win32/Kryptik.BHG trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\Windows\System32\svchost.exe.
NEW EDIT:
The problem stopped for a few days, but today I got the same message from NOD32 again.
This is the log:
10/12/2009 9:06:51 μμ Real-time file system protection file C:\$RECYCLE.BIN\S-1-5-21-554481470-3224669014-3345837826-1001\$R7RIEKP.tmp a variant of Win32/Kryptik.BJM trojan cleaned by deleting - quarantined Χρήστος-PC\Χρήστος Event occurred on a file modified by the application: C:\Windows\explorer.exe.
10/12/2009 9:04:09 μμ Startup scanner file C:\Windows\TEMP\pxno.tmp\svchost.exe a variant of Win32/Kryptik.BJM trojan cleaned by deleting - quarantined
Thank you for your time.
Edited by pspuser007, 10 December 2009 - 01:22 PM.