
Reply to "attention! urgent! virus on auctiva.com; Trojan-Clicker.HTML.IFrame.kr"

Hi Folks,

If you are getting repeated warnings from your Antivirus and/or system messages, like "Data Exception Protection", it's probable that your system is infected with a Trojan that's persistent and keeps attempting to infect from that China site. From Google's analysis, it's apparent that there are multiple possible trojans and downloaded viruses involved. Some may be very difficult or nearly impossible to clean 100%. After recognizing that possibility, here's what I did with one XP system that did get infected and needed a restore.

1. I removed/unplugged the system from the network, i.e. the persistent route of infection is from the China site. That at least breaks the connection for added infection and/or theft of personal info.

2. I rebooted the system to Safe Mode (press and hold F8 key during boot for menu).

3. I used System Restore to restore to a point prior to the infection, as follows:

3a. From Desktop, select Start -> All Programs -> Accessories -> System Tools -> System Restore

3b. From the Welcome to System Restore window, select "Restore my computer to an earlier time" (default) and "Next>" button.

3c. From the Select a Restore Point window, you'll see a Calendar where the bolded dates indicate the system has available restore points. Select an available date prior to the probable infection. February 18th or earlier should be Safe, given the reports started on the 20th. Select "Next>" button and continue.

3d. The restore should commence with a final reboot when complete.

4. On reboot, go to System Properties, Remote Tab, and unselect "Remote Assistance" and "Remote Desktop" features (precautions).

4a. (UPDATE: added 2/24) Follow steps posted on this thread by Auctiva Mike to clear your browser cache. Note, I did do this step and forgot to add it to my original post. Thanks to the person who started this thread for the warning on route of infection.

https://community.auctiva.com/e...?r=92410481#92410481

5. Run checks including Microsoft's Malicious Software Removal Tool to verify or their One Care Safety Scanner. Reconnect to the net to get the tools.

http://www.microsoft.com/secur...eremove/default.mspx

Any new programs or updates installed post the recovery will require reinstall.

Any data, eMail, etc. should be retained post restore without a problem.

Hope this helps those with badly infected XP or Vista systems.

(UPDATE: added 2/24) Please follow advice posted by Mike and Kevin at Auctiva. I'm offering this procedure as another alternative, not an officially sanctioned method by Auctiva.

Danno
Last edited by danno