I'd see how others weigh in and then do the usual scans with Trojan Hunter and/or Free AVG AntiSpyware. As you can read in the link that recent WMF exploit renewed this trojan.
My set-up consists of WinXP Pro/SP2 with all updates current, I am running AdAware SE Pro, Nod32 2.7, and Sygate PSF 5.5. On the Traffic log, I recently noticed activity trying to go out of my computer that I did not recognize. The name of the suspicious activity is g0ogle.ath.cx (184.108.40.206) and is trying to exit my computer on remote port 2000(CALLBOOK). So far, my firewall has blocked a few thousand of these requests. Does anyone know what that is, and perhaps how to get rid of it?
I did a WhoIs query, got an email address supposedly going to the administrator of the suspect IP address, but when I sent a request to them, it was ignored.
Scans in safe mode do not produce any suspects.
Downloaded and installed the trial version of CounterSpy. Scanned my computer and found 1 infection, (BifRose) with backdoor capabilities. Removed the infection, and the virus type activity ceased. Ran the CounterSpy again, in Safe Mode, and all was clear.
Still have no clue where it came from. Still no response from the domain listed in WhoIs as the administrator.
Your favorite shows are back!
Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!