KB73573886.exe - recurring virus

[rdevai]

Hi,

Yesterday, I suddenly got a virus into my computer and the virus keeps coming in every 5 or 7 minutes. I've tried to remove them (several files) from the system32 folder, but it does not allow me to do so.

Avast on scanner stops these viruses and displays a message saying that:

C:\WINDOWS\system32\KB20737658.exe contains sample of Win32:Agent-ITD [Trj]

These are some variations:

C:\WINDOWS\system32\KB73573886.exe
Win32:Small-EQY [Trj]
Trojan Horse

C:\WINDOWS\system32\KB15353256.exe
Win32:Small-EQY {Trj]
Trojan Horse

It seems it changes the KB# every time it pops up. I've been moving them to chest, but they keep coming in.

Can anybody help me out, please?

I appreciate it,

Ricardo

[FreewheelinFrank]

Hi Ricardo,

There are quite a few different scans you can try if the malware keeps coming back.

Look for and remove rootkits (hidden malware):

Panda Antirootkit
Blacklight
AVG Anti-Rootkit

Try a boot time scan with avast! Right click the scanner screen, select 'schedule a boot time scan' and reboot when requested.

Try a scan with DrWeb CureIT!

Try the usual free adware/spyware scanners.

AVG Anti-Spyware Free (Requires Win2k/XP)
Ad-Aware Free
Spybot Search & Destroy
SUPERAntiSpyware Free
a-Squared Free

Download, install and update all the programs. Disconnect from the internet (pull the plug) before running scans in Safe Mode if possible.

Always select the option to quarantine any malware found rather than delete it, then you will be able to restore files or registry entries wrongly identified as malware- a rare but not unknown event for any malware scanner.

Try some online scans. (Disable avast! while scanning.)

F-Secure
BitDefender
Panda
Trend Micro Housecall

If still having problems, post a HijackThis! log.

When you have finished, scan for out-of-date and insecure software using Secunia Software Inspector.