Recently I have encountered malware originating from Belgium.
From a fresh boot of my Windows XP machine I get a delay on my Windows Firewall starting with a warning message. Once I start IE a short time later AVG catches a Trojan virus trying to load as svchost.exe.
After repeated cleaning and scanning with AVG and Malwarebytes the problem persists.
Running CPorts on the machine showed me a message being sent to one of the following: 213.163.89.104-107 (i106.panamamails.com) and 188.72.230.49.
Shortly after one of these messages was sent I would receive another notification of virus activity from AVG on the computer.
I added the following two entries into my computer at the MSDOS prompt:
C:\>route add 213.163.89.0 mask 255.255.255.0 192.168.111.66 -p
C:\>route add 188.72.230.0 mask 255.255.255.0 192.168.111.66 -p
Note: 192.168.111.66 is an unused IP address on my subnet.
This stopped the Trojan virus activity by directing its send messages to a black hole. I sent an email to 188.72.230.49's ISP, abuse@netdirekt.de.
This will suspend the virus activity while you continue to clean your machine.
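Added example (not part of the original post): a Python check that each remote address seen in CPorts is covered by a persistent route pointing at the unused gateway. The `route print` excerpt is a constructed sample, the function names are hypothetical, and only the persistent-routes section is considered, not the full active table.

```python
import ipaddress

# Constructed sample of the "Persistent Routes" section of `route print`.
SAMPLE_ROUTE_PRINT = """\
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
     213.163.89.0    255.255.255.0   192.168.111.66       1
     188.72.230.0    255.255.255.0   192.168.111.66       1
"""

SINKHOLE = ipaddress.ip_address("192.168.111.66")  # unused address from the post
OBSERVED = ["213.163.89.104", "213.163.89.105", "213.163.89.106",
            "213.163.89.107", "188.72.230.49"]      # addresses named in the post


def parse_persistent_routes(text):
    """Return [(network, gateway)] from the Persistent Routes section."""
    routes, in_section = [], False
    for line in text.splitlines():
        if line.strip().startswith("Persistent Routes"):
            in_section = True
            continue
        parts = line.split()
        if not in_section or len(parts) < 3:
            continue
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}")
            gateway = ipaddress.ip_address(parts[2])
        except ValueError:
            continue  # column header or any other non-route line
        routes.append((net, gateway))
    return routes


def sinkhole_coverage(addresses, routes, sinkhole):
    """Map address -> True if its most specific route uses the sinkhole."""
    result = {}
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        matches = [(n, g) for n, g in routes if ip in n]
        if not matches:
            result[addr] = False  # no blackhole route: default route applies
            continue
        _, gateway = max(matches, key=lambda r: r[0].prefixlen)
        result[addr] = gateway == sinkhole
    return result


if __name__ == "__main__":
    table = parse_persistent_routes(SAMPLE_ROUTE_PRINT)
    for addr, ok in sinkhole_coverage(OBSERVED, table, SINKHOLE).items():
        print(f"{addr:16} {'blackholed' if ok else 'NOT COVERED'}")
```

An address reported as NOT COVERED is either outside both /24 ranges or matched by a more specific route with a different gateway.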