PSA: I suspect a link between axfreeporn and Agent.awf. Read here.

I have the axfreeporn dialer, it started happening in early March. I also had an issue when I boot my computer about 15 IExplorer processes kept launching.

I didn't discover until FINALLY AVG Anti-Spyware detected some of the infected files with the 3/15 update that I had Downloader.Agent.AWF

This thing is brutal because it replaces some of your startup items with new malicious versions. So in other words, a HiJack This log looks completely normal. Files like cli.exe for ATI video cards and PRoNoMgr.exe and various Creative soundcard files. It makes new versious that are 38.0k and places the old versions in a "bak" directory inside the same directory as the file. Do a Find Files or Directories search for "bak" and you may find you have some.

Nothing picked up on these files, which are dated for me January 17th until just recently on 3/15 where AVG found SOME of them. I still have more that AVG missed.

Now I don't know if the two are related but it would seem possible as I've seen another person on this forum with both.

Also, another clue is the IP 88.80.5.21. If you have axfreeporn dialer, you will see this in your history. I'm going to try putting this in my restricted site and see what happens.

Hope this can help the experts here.

Finally, I HATE MALWARE.

 

I wonder what program was downloaded, site visited or email opened by all those infected?