Morning all,
I am running Win 7 Starter SP1 with all updates included. Nearly all of my drivers are up to date, except for the sound card, Flash Player ActiveX, Flash Player Plugin and Microsoft DirectX Runtime.
The reason these have not been updated is poor connectivity, with IObit driver updater continually stalling at around 65% - 75% for the above, collectively and individually.
Poor connectivity may or may not be connected to Spamhaus / CBL listing my dynamic IPs as, firstly, suffering infection with, in order of infection, ZeroAccess, Sirefef, Tinba and now Asprox.
These infections were somehow picked up despite all drivers being up to date, Avast installed and up to date, and Malwarebytes Free being run for regular checks. I disconnected my LAN and did a clean install of Win7 (complete wipe) and, while that was happening, reset my router to factory settings and changed the passwords - although not the advanced login, which I only found out about since. This has since been changed after another router reset.
The Asprox infection lookup at Spamhaus / CBL returned after a few days of not registering anything. As the IP changes, the infection disappears, then returns.
In researching the malware, I dug into AV-Comparatives and AV-Test and saw that both listed Bitdefender as their best preventative and removal option, along with Malwarebytes. So I installed Bitdefender Free instead of Avast.
Once installed, Bitdefender continually advised that it was "Updating for the First Time" and the version stayed the same at 1.0.21.1099.
Today, I attempted to download the ZeroAccess removal tool, not having found anything for Asprox. Once downloaded, an installation attempt gave the error of "Could not drop drivers". I have not been able to find any reference to this error anywhere else online.
The free online scan does not show any sign of infection. Malwarebytes would not update in normal mode so I did it in safe mode, and it did not show any sign of infection. But once I tried to run Malwarebytes in normal mode again, there was no sign of the update, and, again, it would not update in normal mode. The MWB version is v2014.09.19.05.
Finally, a check just now of Spamhaus CBL seems to show that the former infection is fading, in that it was over two days ago, and no longer lists any specific infection by name, as it did previously:
"It was last detected at 2014-10-20 13:00 GMT (+/- 30 minutes), approximately 2 days, 9 hours, 30 minutes ago."
Many thanks to anyone able to advise on next steps.
LNL
*LiveNotLive refers to a failure by live.com to properly receive verification from Bitdefender forums - a new application under a gmail address turned up instantly. Maybe something for BT to look into with Microsoft.
