Took a while, the net is slow and had to translate a couple of pages.
Only thing I found points to it being Worm.P2P.SpyBot.gen
Found Here
Worm.P2P.SpyBot.gen and what
Symantec Security Response has to say about it.
Hello,
the file C:\WINDOWS\System32 \ WUXAT.EXE , which is started here:
O4 - HKLM\..\Run: [ Configuration default ] WUXAT.EXE
the only case of Trojan inheritance seems to be. One must itself however in the clear one over it
its that each infestation is not to be recognized by a HJT log file. The others
Entries are OK ONE, but theoretically these files could overwritten
its, particularly it itself with Worm.P2P.SpyBot.gen around a Backdoor Trojaner
acts, i.e. if it is active, it opens a "back door" on your system,
announces themselves at IRC servers and expects instructions. It is also able
To store and dispatch if necessary keyboard layouts. Whether he did that, I know
not, you know not, white nobody. For me it became personal as cause for a formatting and a new installation is enough, because it me simply too riskily
it would be that he was nevertheless active or is.
On the other side the process typical for this Trojaner is missing with you
SVC host s (with s). Whether that is a rather good or bad indication, can
I do not say.
The decision is with you.
If you should decide nevertheless for a repair attempt, you find
hier eine
genaue Beschreibung und Möglichkeiten der manuellen Bereinigung der registry
und der zu löschenden Dateien - aber sicher sein kannst Du danach nicht mehr,
daß niemand "mithört"...
Gruß,
ixus
