Hi, I've managed to get myself some trojan or bot that I'm having difficulty getting rid of.
I've attached logs from HJT, my Sygate traffic log and a Filemon log.
Sygate recently started informing me that explorer was trying to access a remote address, so I blocked it and started hunting down the source. Neither AntiVir nor AVG could find anything on a full system scan. Spybot couldn't either, and neither did HijackThis show up anything unusual, but my Sygate and router traffic logs (when Sygate was disabled) showed something port cycling and sending packets to halligan.mediafire.org.
I ran Filemon for a bit and noticed Sygate inspecting koos.exe in the system32 folder, yet it's not visible if I browse to it, but the poof driver file is. I installed Security Task Manager, which showed koos.exe as a hidden process.
Sygate successfully blocked the outbound traffic to start with while I tried to track down the problem, but now Sygate is still blocking the original outbound TCP while my router's showing new activity that I'm unable to trace the source of at all.
Any help at all would be a godsend.
EDIT: AVG Anti-Rootkit produced no results at all, btw.
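The symptom described in the post (Filemon and the firewall see koos.exe in system32, but browsing the folder does not show it) is the classic signature of a rootkit filtering directory enumeration. The script below is an added example, not the poster's code or any tool mentioned in the thread: it performs a cross-view check, asking the OS for a directory listing and separately asking for each candidate name by exact path, and reports names that open directly but never appear in the listing. The file name koos.exe is taken from the post as a label; the scratch directory, the second file name and the "filtered listing" used to simulate the hiding are constructed for the demo and are marked as such in the comments.

```python
import os
import tempfile
from pathlib import Path


def find_hidden_entries(directory, candidate_names, enumerate_dir=os.listdir):
    """Cross-view check for directory-listing rootkits.

    A rootkit that filters FindFirstFile/FindNextFile (or the kernel directory
    query underneath it) removes entries from the enumerated view, but the file
    is still reachable when opened by its exact path. We compare the two views:
    any candidate that os.stat() can reach but that is absent from the listing
    is reported. `enumerate_dir` is injectable so the listing view can be
    replaced for testing.
    """
    listed = {name.lower() for name in enumerate_dir(directory)}
    hidden = []
    for name in candidate_names:
        path = os.path.join(directory, name)
        try:
            os.stat(path)
        except FileNotFoundError:
            continue  # not present at all, nothing to report
        if name.lower() not in listed:
            hidden.append(name)
    return hidden


def simulate_filtered_listing(hidden_name):
    """Return an enumeration function that drops `hidden_name`.

    This stands in for a rootkit's filtered directory view; it is constructed
    for the demo and does not reflect any real malware behaviour beyond the
    filtering itself.
    """
    def enumerate_dir(path):
        return [n for n in os.listdir(path) if n.lower() != hidden_name.lower()]
    return enumerate_dir


def demo(hidden_name="koos.exe"):
    """Build a scratch directory (constructed) holding the suspect name and a
    harmless neighbour, then run the check with an honest listing and with the
    simulated filtered listing. Returns (honest_result, filtered_result)."""
    with tempfile.TemporaryDirectory() as scratch:
        Path(scratch, hidden_name).write_bytes(b"")      # suspect file
        Path(scratch, "driver.sys").write_bytes(b"")     # visible neighbour (constructed name)
        candidates = [hidden_name, "driver.sys", "absent.exe"]
        honest = find_hidden_entries(scratch, candidates)
        filtered = find_hidden_entries(
            scratch, candidates, simulate_filtered_listing(hidden_name)
        )
    return honest, filtered


if __name__ == "__main__":
    honest, filtered = demo()
    print("honest listing, hidden entries:  ", honest)
    print("filtered listing, hidden entries:", filtered)
```

On a live machine you would point `find_hidden_entries` at the real system32 directory with the names you already suspect from the traffic and Filemon logs. The check only catches a rootkit that filters enumeration but leaves direct opens alone; one that hooks both views answers consistently and is invisible to this comparison, which is why an offline scan from clean boot media remains the reliable fallback.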