Internet Explorer hijacked by Russian bank


philipmorgan
October 10th, 2004, 02:43 PM
I have installed the Sygate firewall which monitors all outward and inward traffic. About every 15 minutes it gives this warning:

Internet Explorer is trying to make a remote connection to the domain, "tat-neftbank.ru".

Sygate then gives further details:

File Version : 6.00.2800.1106 (xpsp1.020828-1920)
File Description : Internet Explorer (iexplore.exe)
File Path : C:\Program Files\Internet Explorer\iexplore.exe
Process ID : 0x270 (Heximal) 624 (Decimal)

Connection origin : local initiated
Protocol : TCP
Local Address : 213.233.146.139
Local Port : 3036
Remote Name : tat-neftbank.ru
Remote Address : 218.30.21.236
Remote Port : 80 (HTTP - World Wide Web)

Spy Doctor and AVG are also installed, but they have failed to track the source of the entity activating the browser.

Thanks for your help

Philip

controler
October 10th, 2004, 03:19 PM
Hi Philip

It would be best if you posted your HijackThis log to one of the forums that still help with it.
It became too overwhelming here and so none look at those HijackThis logs here at Wilders anymore.


Bruce

TheSnowGuy
October 10th, 2004, 03:27 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.berbew.h.html



***stolen information is passed to the attacker by sending HTTP query strings. Configuration data may also be uploaded through the Web to a predetermined URL, at the domain, tat-neftbank.ru.
************

TheSnowGuy
October 10th, 2004, 03:32 PM
TOOL TO REMOVE: SEE>


http://securityresponse.symantec.com/avcenter/venc/data/backdoor.berbew.i.html
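The "about every 15 minutes" pattern from the first post is the kind of regular outbound traffic a defender can pick out of firewall connection logs. The following is an added example, not part of the thread or of any product mentioned in it: it groups connections by process and remote name and reports pairs whose gaps are nearly constant. The log format, the function names, the thresholds and the sample lines are assumptions constructed for illustration; this is not Sygate's export format.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (assumed format): date time process remote_name remote_port
SAMPLE_LOG = """\
2004-10-10 13:00:05 iexplore.exe tat-neftbank.ru 80
2004-10-10 13:02:41 iexplore.exe www.example.com 80
2004-10-10 13:03:10 iexplore.exe www.example.com 80
2004-10-10 13:15:02 iexplore.exe tat-neftbank.ru 80
2004-10-10 13:20:00 updater.exe update.example.net 80
2004-10-10 13:30:07 iexplore.exe tat-neftbank.ru 80
2004-10-10 13:41:55 iexplore.exe www.example.com 80
2004-10-10 13:45:04 iexplore.exe tat-neftbank.ru 80
2004-10-10 14:00:06 iexplore.exe tat-neftbank.ru 80
2004-10-10 14:20:30 iexplore.exe www.example.com 80
"""

def parse(log):
    """Yield (timestamp, process, remote_name) for each non-empty log line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        date, time, process, remote_name, _port = line.split()
        ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
        yield ts, process, remote_name

def find_beacons(log, min_events=4, max_jitter=0.10):
    """Return (process, remote_name, interval_minutes) for regular connections.

    A pair is reported when it has at least min_events connections and the
    standard deviation of the gaps is at most max_jitter of their mean.
    """
    seen = defaultdict(list)
    for ts, process, remote_name in parse(log):
        seen[(process, remote_name)].append(ts)

    findings = []
    for (process, remote_name), times in seen.items():
        if len(times) < min_events:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append((process, remote_name, round(avg / 60)))
    return findings

if __name__ == "__main__":
    for process, remote_name, minutes in find_beacons(SAMPLE_LOG):
        print(f"{process} -> {remote_name}: roughly every {minutes} min")
```

Ordinary browsing to the placeholder host is not reported because its gaps vary widely, and the two-connection-or-fewer updater entry is skipped for lack of samples.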