Recently I have encountered Malware originating from Belgium. From a fresh boot of my Windows XP machine I get a delay on my Windows Firewall starting with a warning message. Once I start IE a short time later AVG catches a Trojan virus trying to load as svchost.exe. After repeated cleaning and scanning with AVG and Malwarebytes the problem persists. Running CPorts on the machine showed me a message being sent to one of the following: 184.108.40.206-107 (i106.panamamails.com) and 220.127.116.11. Shortly after one of these messages were sent I would receive another notification of virus activity from AVG on the computer. I added the following two entries into my computer at the MSDOS prompt: C:\>route add 18.104.22.168 mask 255.255.255.0 192.168.111.66 -p C:\>route add 22.214.171.124 mask 255.255.255.0 192.168.111.66 -p Note: 192.168.111.66 is an unused IP address on my subnet. This stopped the trojan virus activity by directing its send messages to a black hole. I sent an email to 126.96.36.199 's ISP, firstname.lastname@example.org. This will suspend the virus activity while you continue to clean your machine.