> I checked the registry and didn't see anything suspicious looking. Also checked the processes under Task Manager and didn't see anything weird there either.
>
> I did turn on PeerBlock though and saw this strange IP address that my computer seemed to connect to right about the same time the viruses appear. Turns out it is in Argentina. I have now blocked that IP, and the virus hasn't come back since. My computer is still trying to connect to that IP every few minutes through a different port though. This thing must be it. But how do I figure out what program is making that outgoing request to that IP?
Maybe it's a running service and not a run-on-startup program. Type "services.msc" in a command prompt and check if you see anything unusual. It could also be a rootkit, which will be a bit harder to detect.
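
Added example, not part of the original posts: a PowerShell loop that watches for TCP connection attempts to the blocked address and reports the owning process together with any services hosted in it. It assumes Windows 8 / Server 2012 or later (for `Get-NetTCPConnection`) and an elevated prompt; the IP below is a constructed placeholder, and the 15-minute window is an arbitrary choice.

```powershell
# Placeholder: replace with the address PeerBlock reported
# (constructed value from the documentation range, not from the post).
$RemoteIp = '203.0.113.10'
$Seen     = @{}

# Blocked attempts only exist briefly (usually in SynSent), so poll
# for a while instead of taking a single snapshot.
$Deadline = (Get-Date).AddMinutes(15)
while ((Get-Date) -lt $Deadline) {
    $conns = Get-NetTCPConnection -RemoteAddress $RemoteIp -ErrorAction SilentlyContinue
    foreach ($c in $conns) {
        # Report each process/port pair once.
        $key = "$($c.OwningProcess):$($c.RemotePort)"
        if ($Seen.ContainsKey($key)) { continue }
        $Seen[$key] = $true

        # Resolve the PID to its image path, command line and hosted services.
        $filter = "ProcessId = $($c.OwningProcess)"
        $proc   = Get-CimInstance Win32_Process -Filter $filter
        $svcs   = Get-CimInstance Win32_Service -Filter $filter

        [pscustomobject]@{
            Time        = Get-Date
            State       = $c.State
            RemotePort  = $c.RemotePort
            ProcessId   = $c.OwningProcess
            Image       = $proc.ExecutablePath   # empty if the process already exited
            CommandLine = $proc.CommandLine
            Services    = ($svcs.Name -join ', ')
        }
    }
    Start-Sleep -Milliseconds 500
}
```

If the image turns out to be `svchost.exe`, the `Services` column narrows down which entry in services.msc to inspect. This covers TCP only.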