
Can't find info on this trojan.


Phelyx
10-16-2007, 08:56 AM
My server "eek" infected log file.
C:\Documents and Settings\guest\Local Settings\Temporary Internet Files\Content.IE5\08OY4ZCO\zxarps[1].exe => zxarps[1].exe.Vir
C:\Documents and Settings\guest\Local Settings\Temporary Internet Files\Content.IE5\BNG5HIDH\zxarps[1].exe => zxarps[1].exe.Vir.0
C:\WINNT\addins\zxarps..exe => zxarps..exe.Vir
C:\WINNT\addins\070511ARPgjb\ARP?????\zxarps..exe => zxarps..exe.Vir.0

I search for zxarps.exe in Google and I get all these Mandarin Chinese pages.

purestlight
10-16-2007, 09:11 AM
Don't know if this is any good to you Phelyx, found it on Google and 'translated page'

http://translate.google.com/translate?hl=en&sl=zh-CN&u=http://www.china568.com/article/14/15/2007-06-30/200706301239_2.html&sa=X&oi=translate&resnum=5&ct=result&prev=/search%3Fq%3Dzxarps.exe%26start%3D10%26hl%3Den%26sa%3DN

Guest110
10-16-2007, 09:28 AM
http://www.teamfurry.com/wordpress/2007/08/29/zxarps/

Not good

There’s a nifty (or nasty, depends on which side you are on) tool being offered for download. The tool (called zxarps) is a hacking tool mostly used in China.


The only English hit for the tool is a description on McAfee’s website. The tool, even though not malicious itself, can be used for malicious purposes. It needs winpcap to be installed on the machine, and it uses the winpcap to sniff network data, poison ARP caches and modify webpages on the fly. So, basically, it's a tool to perform MITM (Man In The Middle) attacks.

Phelyx
10-16-2007, 09:56 AM
I saw the Winpcap, and I know what that does... so I uninstalled it as soon as I saw that. I'm just upset 'cause I got woken by my boss this morning to deal with this problem.

Edit:
http://www.anniemayhem.com/blog%20pics/500TH.jpg

Guest355
11-11-2007, 05:14 PM
What about removing them using HJT??