Sorry for the late answer to all the people sent me solutions.
At the end kaspersky AV found the virus and deleted it.
I know it will be nice I'll post the name of the virus, but due to the
overwork and other problems I forgot to write down the name.
So I'm very sorry for not posting it.
Thanks for all the answers I received.
El vie, 28-09-2007 a las 10:44 +0200, Isaac Perez Moncho escribiÃ:
Hello all,
I have a computer infected with a virus that act like this:
explorer.exe start opening smtp connections to several ip's and url's
until it exceed the tcp limit of windows xp sp2.
If I kill explorer.exe and run again from task manager the virus doesn't
run anymore until reboot.
It seems that the booting process of windows pass a parameter to
explorer for launch the virus. But not found anything interesting or
clear in the registry or boot.
I used nod32 and panda active scan for cleaning with no result. I alsoo
used spybot, adaware and superantispyware with the same null result.
Any ideas?
Thanks
--
http://www.sans.org/staysharp/details.php?id=7931
Isaac Perez Moncho
GSEC, SSP-GHD, SSP-MPA, SSP-CNSA Microsoft MCP.
JPL TSolucio S.L
www.tsolucio.com
---------------------------------------------------------------------------
This list is sponsored by: Black Hat
Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier
technical event for ICT security experts. Featuring 30 hands-on training
courses and 90 Briefings presentations with lots of new content and new
tools. Network with 4,000 delegates from 70 nations. Visit product
displays by 30 top sponsors in a relaxed setting.
http://www.blackhat.com
---------------------------------------------------------------------------
