Thanks. Here are the results from JOTTI:
AntiVir Found Worm/Robobot
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Downloader.ZT
ClamAV Found nothing
Dr.Web Found Trojan.DownLoader.3918
F-Prot Antivirus Found unknown virus (probable variant)
Fortinet Found W32/Dedler.fam-net
Kaspersky Anti-Virus Found Backdoor.Win32.Robobot.ap
NOD32 Found Win32/Robobot
Norman Virus Control Found Sandbox: W32/Downloader;
UNA Found Backdoor.Robobot
VBA32 Found Trojan.DownLoader.3918
Info I found out about the malware:
* Creating several executable files on hard-drive.
* File length: 42054 bytes.
[ Changes to filesystem ]
* Deletes file autorun.inf.
* Creates file C:\WINDOWS\System\SMSS.EXE.
* Creates file C:\TEMP\upd_0002.exe.
[ Changes to registry ]
* Creates value "smss"="C:\WINDOWS\System\SMSS.EXE" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
* Deletes value "KAVPersonal50" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
[ Network services ]
* Opens URL: http://upseek.org/u/upd_0002.exe.
* Connects to "CONFIGURED_DNS" on port 53 (IP).
* Uses unsupported DNS query.
[ Network ]
* Uses IPHLPAPI services.
[ Security issues ]
* Starting downloaded file - potential security problem.
* Possible backdoor functionality [UNKNOWN] port 1108.
[ Process/window information ]
* Creates a mutex 6534C64A-Z454-122E-BFC6-083C2BF4S551.
* Will automatically restart after boot (I'll be back...).