Have you checked for any startup programs that should not be there or strange starup items. Also don't be fooled by what looks like a real folder name like Logitech etc. This trojan is good at hiding and can use any program it can use to attach itself onto and use it to broadcast or to capture data. See in my case it may have used Itunes and IE but who knows what other programs it can use too and i'm guessing the trojan and virus writers know many people have these programs installed and things like Logitech software. Just look for anything strange starting up with your system be it an exe or dlll injected into the system.
This is basically what it is called by Panda security, how it works and what it does. (I have a feeling the trojan has been updated since and may work in a slightly different way from when it was first spotted in the wild)
http://www.pandasecurity.com/homeusers/security-info/195131/Trj/CI.A/
Common name: Trj/CI.A
Technical name: Trj/CI.A
Threat level: Medium
Type: Trojan
Effects: It allows to get into the affected computer.It does not spread automatically using its own means.
Affected platforms:
Windows 2003/XP/2000/NT/ME/98/95
First detected on: June 16, 2008
Detection updated on: June 16, 2008
Statistics No
Brief Description
Trj/CI.A is a Trojan, which although seemingly inoffensive, can actually carry out attacks and intrusions: screenlogging, stealing personal data, etc.
Trj/CI.A uses the following propagation or distribution methods:
Exploiting vulnerabilities with the intervention of the user: exploiting vulnerabilities in file formats or applications. To exploit them successfully it needs the intervention of the user: opening files, viewing malicious web pages, reading emails, etc.
It is dropped or downloaded to the computer by other malware specimens, for example: Multidropper.RGN, Dropper.XW, Multidropper.RHU, Multidropper.RIS, Multidropper.RLF, Multidropper.RMA, Multidropper.RMB.
