Hi,
My PC has somehow picked up a virus, which has been sending out tonnes of spam for some time.
I am so careful, virus-scanning all downloads, keeping Windows up-to-date etc. I'm the first person friends and family turn to when they get their PCs in a mess, and in nearly a decade online I've never previously had so much as a spyware infection, let alone a spambot!
This has really shocked me and I have no idea how it got onto my PC, still less how to track it down and remove it. (I only know it's here because the Avast On-Access Scanner window was showing a new outgoing message every few seconds (under 'Last scanned') with awful Subjects like "Important security information for your bank account" and so forth.)
Since discovering it I have been blocking traffic carefully so I'm no longer spamming, and have tried System Restore to one and two months ago but it didn't work, so then I disabled System Restore in case the virus was hiding in the restore files.
A Thorough Scan with Avast didn't find anything, and nor has Kaspersky's Online Scanner. Windows Defender also failed to find anything, as did Spybot - Search and Destroy.
Finally, through a complicated chain of investigation I have determined the following:
1. The process making the connections to send the spam is svchost.exe.
2. It tries to connect from ports in the 3000 range on my PC to HTTP ports on a range of remote servers such as stormpay.com, leapcash.com and missoula.servershost.net. I guess these are compromised web servers or something.
3. If I disable the "DCOM Server Process Launcher" (path: "C:\WINDOWS\system32\svchost -k DcomLaunch") in the Windows Services list, on the next reboot the connection attempts are no longer made. This is an important system service, though, so I can't just leave this disabled to work around the problem!
Can anyone help me identify what's behind this problem, why Avast (and other scanners) are not picking up on it, and most importantly what I can do to stop this happening and thoroughly clean my computer of this malware?
Thanks in advance everyone!
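
An added example, not part of the original post: svchost.exe is a shared host process, so a finding like the one above can be narrowed by tying each outbound HTTP connection to the PID that owns it and listing the services that PID hosts. The sketch parses the text output of `netstat -ano` and `tasklist /svc`; the sample output, addresses and PIDs below are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1120
  TCP    192.168.1.10:3051      203.0.113.5:80         SYN_SENT        1052
  TCP    192.168.1.10:3052      198.51.100.7:80        ESTABLISHED     1052
  TCP    192.168.1.10:1189      192.0.2.44:80          ESTABLISHED     2380
"""
# Constructed sample of `tasklist /svc` output; long lists wrap onto indented lines.
TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================================
svchost.exe                 1052 DcomLaunch,
                                 TermService
svchost.exe                 1120 RpcSs
firefox.exe                 2380 N/A
"""

def parse_tasklist(text):
    """Return {pid: (image_name, [hosted services])}."""
    procs, last = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+(\d+)\s+(.*)$", line)
        if m:
            last = int(m.group(2))
            procs[last] = (m.group(1).lower(), [])
            names = m.group(3)
        elif line.startswith(" ") and last is not None:
            names = line  # continuation of the previous row's service list
        else:
            continue  # header, separator, or a row this simple pattern skips
        procs[last][1].extend(s.strip() for s in names.split(",")
                              if s.strip() and s.strip() != "N/A")
    return procs

def svchost_http_connections(netstat, tasklist, ports=(80,)):
    """Group outbound TCP connections to `ports` by the svchost PID that owns them."""
    procs, found = parse_tasklist(tasklist), {}
    for line in netstat.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] not in ("SYN_SENT", "ESTABLISHED"):
            continue  # skip headers, UDP rows and listening sockets
        pid, rport = int(f[4]), int(f[2].rsplit(":", 1)[1])
        image, services = procs.get(pid, ("?", []))
        if image == "svchost.exe" and rport in ports:
            entry = {"services": services, "remotes": []}
            found.setdefault(pid, entry)["remotes"].append(f[2])
    return found
```

The result identifies a service group rather than a single service, because every service listed for that PID shares the one svchost.exe process. Browser traffic to the same port is ignored, since only connections owned by svchost.exe are reported.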