Author Topic: multiple vector virus, kernel infection and p2p


sa

  • Guest
multiple vector virus, kernel infection and p2p
« on: December 23, 2009, 09:01:05 AM »
Hi,

My PC started acting weird, getting a Windows Data Execution Protection message and Avast complaining about utwtbw.drv; after Avast deleted the utwbtw.drv the computer was automatically restarted. After repeated scans using Avast during boot-up, the same file kept being found. I ran HiJackThis 2.0.3 (beta), which highlighted siszyd32.exe, which I removed; after a reboot it was back as normal.
Checking my firewalled router, I found that my computer was now sending spam email, which I blocked on the router. However, I also noted a strange network address; checking my computer, I found that my VirtualBox network interface had changed its IP address and was connecting to a P2P network.
In an effort to clean my computer, I booted it using Ubuntu Linux from the CD, upgraded the ClamAV antivirus to the latest edition using
$ sudo apt-get install clamav
and then scanned the mounted Windows XP filesystem using
$ clamscan -r *

ClamAV found three viruses undetected by Avast and removed them. I also removed all instances of siszyd32.exe and utwbtw.drv. I rebooted back into Windows, making sure it was disconnected from the network, checked the network status and found it was still attempting network connections. I then removed VirtualBox and checked again; still there was traffic.
After making sure the computer was blocked from accessing the internet on the router, I reconnected it and monitored it; immediately it attempted to connect to a P2P network. If I leave the computer connected to the internet it will have a virus load re-installed.
Hope that helps in finding a solution.


Update

After downloading MalwareBytes on my partner's OpenSolaris desktop and transferring it via USB stick to install on the Windows XP computer, it found an infected object within seven minutes.


Update 2

It appears that my firewall router was not configured securely enough to stop an external firewall policy from being added, giving direct access to the Windows PC. The Zyxel router's default settings needed specific rules to stop external traffic from gaining access to the router's WAN ports.

« Last Edit: December 23, 2009, 03:57:42 PM by sa »

CharleyO

  • Guest
Re: multiple vector virus, kernel infection and p2p
« Reply #1 on: December 24, 2009, 08:43:51 PM »
***

Welcome to the forums, sa.   :)

Is all OK or do you need more help than what you have supplied yourself?


***