Hello guys, I just became aware of this when friends on my MSN Messenger list (using 2009 version) told me I started sending them a spam message.
The message was "Hot! Hot! (website was isexsexsex)". Obviously it was an attack site, but what puzzled me was HOW I was sending it.
It happens when I sign in, it doesn't happen anytime I'm offline.
Looking at my process list I find a process called "antit.exe" that I didn't recognize as anything and found out from Google it was malware, so I delete the jerk in safe mode (and the registries it has) only to find it come back 5 minutes later on startup. (At one point I saw 0.exe pop up on the process list, then disappear, leaving antit.exe running.)
And the trick to finding antit.exe (for some reason there is no 0.exe in sys) is to go to folder options and to see hidden SYSTEM files. It's being treated as a system file, which makes me wonder if that's why Spybot resident doesn't complain in paranoid mode because it just lets the thing install itself.
Spybot doesn't have anything like this in its database, it's useless. I also tried AVG, it recognizes the antit.dll as a threat and removes it, but that's about it, next start up it will only come back. Even if you kill the process you have to delete the files in safe mode because it says it's still being used.
I checked some database sites, apparently this thing is fairly new, hence not showing up on most scanners or programs, and when they do, they just delete the dll and exe which doesn't solve the problem.
Another thing is apparently I spam the message on MSN even when the antit.exe ISN'T running!
I tried almost all the resources I can get, now I need professional help. Please help me out? Thank you in advance.
I completed the 8 steps without any problems except for the fact the thing keeps coming back. SUPERAntiSpyware was able to find more than the others did, but it still came back.