ardamax is over but something else just appeared avast detected In C:/Program Files/Internet Explorer/ods.exe and in the same folder msn.exe help
What was the malware name given ?
This could be cloaked malware so it might have other elements and avast is detecting the file creation but not what is creating them. What is your firewall ?
What does the MBAM scan log say ?
Win32:Trojan-Gen{Other}
Windows firewall
Malwarebytes' Anti-Malware 1.37
Database version: 2249
Windows 5.1.2600 Service Pack 3
08/06/2009 5:18:49 PM
mbam-log-2009-06-08 (17-18-49).txt
Scan type: Quick Scan
Objects scanned: 78858
Time elapsed: 17 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{f710fa10-2031-3106-8872-93a2b5c5c620} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{f710fa10-2031-3106-8872-93a2b5c5c620} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Backdoor.Bot) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Delete on reboot.
Files Infected:
c:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> Delete on reboot.
C:\Program Files\Internet Explorer\ods.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\stm.exe (Trojan.Agent) -> Quarantined and deleted successfully.