Jop so ist es. Diese all.exe taucht im Taskmanager immer 1 Minute vorm disconnect auf, disconnectet mich und beendet sich wieder. Dabei kopiert es sich während des Vorgangs in den Ordner WINDOWS\system32\ShellExt und nachdem es aus dem Task Manager verschwunden ist, ist es auch aus dem Ordner verschwunden. Im WINDOWS\Prefetch gibts die Datei auch, aber das Löschen bringt nichts.
Ich hab AntiVir drauf. Eben update gezogen und drüber laufen lassen. Hat aber nichts gefunden. Die Durchsuchung der Registry hat auch nichts gebracht.
HILFE ;(

Das habe ich gefunden:

Beschreibung:

This encrypted, memory-resident file infector is dropped by the mass-mailer WORM_KLEZ.H and WORM_KLEZ.I. It infects all .EXE and .SCR files in all local and shared network drives. It uses several anti-debugging techniques and infects all running processes.This virus has no destructive payloads. This cavity-type virus inserts itself into unused spaces within a target file. When there are no free spaces available, it attaches its code at the end of the file. It runs on Window 95, 98, ME, and XP.


Lösung:

AUTOMATIC REMOVAL INSTRUCTIONS To automatically remove this malware from your system, please use TREND MICRO Damage Cleanup Services. MANUAL REMOVAL INSTRUCTIONS Before proceeding, disconnect your computer from the network. This is to prevent acquiring the virus while cleaning is in progress. Additional Windows ME/XP Cleaning Instructions Restarting in Safe Mode
This step is necessary to ensure that only necessary files are loaded at startup. » On Windows 95

1. Restart your computer.
2. Press F8 at the Starting Windows 95 message.
3. Choose Safe Mode from the Windows 95 Startup Menu then press Enter.

» On Windows 98 and ME

1. Restart your computer.
2. Press the CTRL key until the Windows 98 startup menu appears.
3. Choose the Safe Mode option then press Enter.

» On Windows XP

1. Restart your computer.
2. Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
3. Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.

Running TREND MICRO AntivirusScan your system with TREND MICRO antivirus and clean all files detected as PE_ELKERN.D. To do this, TREND MICRO customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, TREND MICRO's free online virus scanner. Check the log file and verify that all infected files are cleaned or deleted. Restart the System Repeat scanning your system with TREND MICRO antivirus. If any files are still detected as PE_ELKERN.D, it means that the virus is resident and is reinfecting the files. If this is the case, use the Trend System Cleaner (TSC) for Automatic Removal. TSC is capable of terminating infected processes to prevent reinfection.


Hier der Link:

http://no.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=PE_ELKERN.D


google spuckt da einiges aus....

gruß

und frohes fest

trunks