Hello,
First, thanks a lot for all your help.
Never used Kaspersky AV; used McAfee before Comodo, but it never detected this Trojan.
ClamWinAV found it first and Comodo found it also. The results on the AV-scanner sites are very different; each AV company uses different names for the same trojans, and some marked the file uninfected.
I will post a result at the end of this post.
The Trojan seems to be kinda silent-active; I have all the registry entries mentioned in the Avira Trojan description (smss.exe, svchost.exe, nvsvcd.exe - checked via regedit).
Also got the file smss.exe and nvsvcd.exe in the system32 folder.
Restored the file again to be able to access it, shut down the on-access scanner and dragged and dropped it into the BOClean screen, but nothing happened.
Restarted my PC, because I thought maybe BOClean would remove it automatically then … but nothing happened again.
I guess even if CAV quarantines the nvsvcd.exe, the trojan is still active via the smss.exe, so he's gonna trick anything; that’s how I understood the trojan description :D.
Any ideas for the removal? I'm gonna have a bad feeling knowing I got a ‘sleeper-horse’ on my HD :P.
For more information, here’s the Hijackthis.log [attached text file].
Have a nice day and hopefully we can get this ■■■■ thing away, let’s smash it.
Greetings
Pflaume
Forgot: I don’t know where I got this horsie from; maybe I have had it for quite some time already, because McAfee never detected it, and Agent.Xu is also the name of the Trojan by Comodo AV.
~Mod replaced HJT log with text file to reduce lengthy post~