Undetectable backdoor / Thread 2

Thanks to all for your replies. I will try as soon as possible the rootkit 
detection (as soon as I find out what it is :) ) I got a lot of good links 
and I will try them when I get home.

I will clarify some things because I got a lot of emails asking me the same 
things.
1. Yes, I did try a firewall to patch the problem. Now ZoneAlarm is 
prohibiting winlogon.exe from communicating on the internet and it works. 
However, it still tries to connect periodically to https.manwithnoname.biz
2. No, this is not Mitgl.DQ.1 trojan, but it does seems to be from the same 
author.
3. No, I didn't do a clean Windows install after reformat. I did a Repair. I 
don't have the time to reinstall Windows. My system is actually a Windows 98 
system that worked fine for about 5 or 6 years then I've upgraded to Windows 
XP two years ago. I will NOT do a clean Windows install, nor will I forget 
about Windows or Internet Explorer. If the Repair option doesn't replace all 
the Windows files, though, you might be on to something. Is that so?
4. RootKit. I will investigate this avenue. I haven't before, though, so 
thanks for giving me this direction for research. Why aren't the anti-virus 
and anti-spyware programs that I've tried doing this, though?
5. Winlogon.exe is NOT modified.
6. I've cleaned SpySheriff already. This is not SpySheriff, but it came in 
the same bundle. Must be a new spyware marketing strategy :)

Thanks again for all the replies, I will respond to each of the sample and 
registry and log requests as soon as I get home.

____________
Costin Manda
ECRM Europe