Ok, I have run loads of anti-spyware / malware scans. In safe mode the following have been run:
LavaSoft AdAware : Full Scan - Results
- Win32.Trojan.AdClicker : 'removed'.
- Win32.Trojan.Agent : 'Quarantined'
- Win32.Trojan.Crypt : 'Quarantined'
- Win32.TrojanDownloader.Agent : 'Quarantined * 2'
- Cookies 170 : 'removed'
Spybot Search & Destroy : Full Scan - Results
Can't access log of what was removed but all was removed successfully - I have run again and nothing found.
Spybot Search & Destroy : Full Scan - Results
Scan log:
Malwarebytes Anti-Malware : Full Scan - Results
[cpp]Malwarebytes' Anti-Malware 1.44
Database version: 3519
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
12/01/2010 08:55:58
mbam-log-2010-01-12 (08-55-58).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 688403
Time elapsed: 7 hour(s), 10 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\SDFix\dummy.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\SDFix\apps\dummy.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D3A5CE20-4511-4B1E-92F8-4E10323EE8BF}\RP39\A0012808.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D3A5CE20-4511-4B1E-92F8-4E10323EE8BF}\RP39\A0012809.sys (Malware.Trace) -> Quarantined and deleted successfully.
[/cpp]
Afterwards ran the tool here (in safe mode) : SDFix
http://www.bleepingcomputer.com/forums/topic131299.html
The report said 'No Trojan Files Found'.
I'm pretty sure I'm free of Malware / Spyware now. However, since I logged back in 20 mins ago, about 10 sh.exe and 7 ssh.exe have started. Argh!
If it helps, the previous computer user was fighting this problem and said something about a Firefox memory leak because of one of its plugins. However, I haven't even run Firefox or WinSCP since I've booted up!
Thanks for the help so far.