Full Version: Google Re-Direct virus
F-Body Road Racing and Autocross Forums > Community > General Discussion
mitchntx
Any one ever get this cock-sucker of a virus?

I've been fighting this thing for over a week.

So far the best results have been unplugging the network connection and doing deep scans with

Hitman Pro
Ad-Aware
Spybot
Spyware Dr.
Enterprise Nortons
ESET NOD32

The problem I'm having is that the HD activity goes berserk at boot, progressively slowing the system till it crashes about 15 minutes later. So as you can surmise, I'm having to do these deep scans in small chunks.

Frustrating ...

Any one have any other ideas?
roy
Here is something from Geeks to go that may help.
Geeks to go
slowcamaro
My defenses consist of Avast!, Malwarebytes, and Combofix if it goes that far.
trackbird
Malwarebytes has fixed lots of stuff for me on various pc's that seem to show up broken on my door step.
Blainefab
Is that related to AICMCTexas being down New Year's Eve? Ever since then Firefox flags it as a reported attack site. I've ignored the warnings and so far haven't picked up anything but a headache. SD/Nod32
mitchntx
QUOTE (Blainefab @ Jan 2 2010, 04:25 PM) *
Is that related to AICMCTexas being down New Year's Eve? Ever since then Firefox flags it as a reported attack site. I've ignored the warnings and so far haven't picked up anything but a headache. SD/Nod32


I believe so.
SS2win
boot into safe mode w/networking, run combofix, malwarebytes, spybot, http://housecall65.trendmicro.com and http://security.symantec.com .
mitchntx
QUOTE (SS2win @ Jan 3 2010, 03:18 PM) *
boot into safe mode w/networking, run combofix, malwarebytes, spybot, http://housecall65.trendmicro.com and http://security.symantec.com .


Safe Mode - check ( the only way I could get a full scan from any detection software to complete)
Malwarebytes - not yet
spybot - check
housecall - check
symantec - check (corporate version)
ESET NOD32 - check

Ad-Aware - check
Spyware Doctor - check (PCtools editor's choice)


Opened my startup sequence listing under msconfig and found AdobeARM was loading very early. A quick search found not a lot of info on this program, but that it wasn't in any way associated with Adobe, according to the 4 or 5 independent sites I went to.

So, I deselected it and my runaway HD issue went away.

Any one know what AdobeARM is?

If I boot the machine will run in idle for hours and hours. If I open Office 2007 documents and yutz around in them the machine seems stable. If I surf the net, checking on forum sites like this one, it seems to be OK.

However, if the threads contain a lot of graphics, photos or embedded vids, the system locks in short order.

I uninstalled my graphics card (GeForce 8600GTS), drivers and NVidia control software and then reinstalled with the latest drivers and no difference in performance. Could I have a video card processor over-heating? The fan on card's processor is running.
mitchntx
A little more information ....

Apparently this little beggar, along with a few others, exploits a JAVA hole in the recent versions of Adobe Acrobat and Adobe Acrobat Reader.

If you are getting notices about updating Acrobat Reader ... DON'T do it till Adobe patches the holes.

If you have updated to v8 (I think), do this ... regardless of which version, do this.

open up any adobe PDF file.

Select Edit
Select Preferences

In the Preferences menu window, highlight

JavaScript

and uncheck the "Enable Acrobat JavaScript" check box.


This should keep you relatively safe.
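The Edit > Preferences > JavaScript steps above toggle one per-user registry value, so the same change can be checked and applied from a script. This is an added example, not the author's own procedure; it assumes Reader and Acrobat 8.x/9.x keep the preference at HKCU\Software\Adobe\<product>\<version>\JSPrefs\bEnableJS (a REG_DWORD, 0 = disabled).

```powershell
# Added example (not from the thread): report whether Acrobat JavaScript is
# enabled for every installed Reader/Acrobat version in the current user's
# profile, and with -Disable set bEnableJS=0, which is what unchecking
# "Enable Acrobat JavaScript" in the Preferences dialog writes.
# Assumption: the value lives under HKCU\Software\Adobe\<product>\<ver>\JSPrefs.
param([switch]$Disable)

$products = 'Acrobat Reader', 'Adobe Acrobat'
foreach ($p in $products) {
    $base = "HKCU:\Software\Adobe\$p"
    if (-not (Test-Path $base)) { continue }
    # Each installed version has its own numeric subkey (e.g. 8.0, 9.0)
    Get-ChildItem $base | Where-Object { $_.PSChildName -match '^\d+\.\d+$' } | ForEach-Object {
        $ver = $_.PSChildName
        $js  = "$base\$ver\JSPrefs"
        if (-not (Test-Path $js)) { New-Item $js -Force | Out-Null }
        $cur = (Get-ItemProperty $js -ErrorAction SilentlyContinue).bEnableJS
        # A missing value means the product default, which is JavaScript on
        $state = if ($null -eq $cur -or $cur -ne 0) { 'ENABLED' } else { 'disabled' }
        Write-Output ("{0} {1}: JavaScript {2}" -f $p, $ver, $state)
        if ($Disable -and $state -eq 'ENABLED') {
            Set-ItemProperty -Path $js -Name bEnableJS -Value 0 -Type DWord
            Write-Output ("  -> set bEnableJS=0 for {0} {1}" -f $p, $ver)
        }
    }
}
```

Run it once without -Disable to see the current state; the setting is per user, so it has to run in each profile that uses Reader.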
mitchntx
And yes, I'm still battling this damn thing.
Todd
QUOTE (mitchntx @ Jan 4 2010, 12:54 PM) *
And yes, I'm still battling this damn thing.

don't have any advice except to say we are battling the same thing here...we just reload the computers that have the issue. I'm working on a script to automate turning off javascript...

good luck
DrivinSidewayz
I'm not sure what you want to save on your hard drive, but my Dell has a program hardwired to return the computer back to how it was sent from Dell. What disturbs me is that when I call Dell they transfer me to some Indian-speaking country and want $200 to fix my computer. I said no and looked through my Dell manual for a bit and figured out all I had to do was press Ctrl and F11 when the blue bar goes across the screen at start up. Then it opens the said program and it's self-explanatory from there.

And after I did it, my machine ran like a 2 strike convict.
mitchntx
That's good information.

I have restore points automatically saved which turns out to be about once a week. And they go back a few months.

All of my restore points were corrupted, symptomatic of this virus.
C3SS
Have you tried MalwareBytes Anti-Malware yet? It clears up my in-laws' computer nearly every time.

http://www.malwarebytes.org/mbam-download.php
mitchntx
QUOTE (C3SS @ Jan 5 2010, 02:11 PM) *
Have you tried MalwareBytes Anti-Malware yet? It clears up my in-laws' computer nearly every time.

http://www.malwarebytes.org/mbam-download.php


No, I haven't.

I have 3 malware programs now. I have seen where one mw's footprint will trigger another's scan.

But my issue is I can't get the system to stay running long enough to complete a scan.

While I thought my problem was a virus (and it was), I am seeing symptoms of a video card mis-handling memory. As the system locks, I see ghosts of windows I'm trying to close in the window directly behind it. Classic video card memory issue.

I have uninstalled all the video card hardware and software components, including editing the registry and physically pulling the card. I then installed the latest driver and controller set available from NVidia.

No help.

So, I'm trying to track down an NVidia PCI-E card I can throw in there just to see if its actually hardware related or not.
Todd
if you absolutely have to fix this machine without a reload, I'd take the hard drive and put it in another machine. This will allow you to scan for the virus/spyware files but not the registry info. Once the files are deleted, you can put the drive back in the original machine and rescan it (not connected to the internet). This will enable the software to remove the registry info for the virus/spyware. Pick a spyware program that you can download the updates manually and put them on the computer. This way, you don't expose yourself to reinfection by connecting a not-completely-clean machine to the internet. malwarebytes works pretty well. Our mcafee here at work is awful.
mitchntx
Todd, "have to fix" is a relative term.

I started down this path because I didn't want to have to reload all the software on it again. I don't keep much data on the system drive for this very reason.

But, in hindsight, I've spent MORE time trying to repair it than I ever would have reformatting and reloading.

Putting in a different machine is a great idea. I have an old, old, old Celeron machine with XP on it that would be a good candidate for this very evolution.
SS2win
I didn't see combofix in your list. Have you tried it? You may have to rename it for it to run. I've seen some viruses act on the name.

If that's not working then you need a Preexecute Environment CD like BartPE. I did a search and found this one too which I haven't tried. Gonna try it tomorrow on a machine I have here on the bench.

http://www.techmixer.com/multiple-antiviru...e-disc-utility/


Once you're in a PE then you can definitely kick its ass.

good luck
cozog
Ur doing it wrong.

1. Boot in safe mode.
2. REGEDIT
3. Find "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" & RunOnce and RunOnceEx
4. Remove virus entries. Do not remove valid entries. If you don't know the difference, try googling each process name or have a pro look at it.
5. Open windows explorer and delete all the virus files.

There might be another place that has the Run key you'll need to clean up.

I like to open windows explorer and sort it by date. I'll then drill down into any directory modified since the date I suspect the virus was installed.

AV programs can only fix what they know about. It may take the AV company some time to create a fix for it.
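A triage script, added here and not from the thread, that lists the autorun entries cozog's steps 3 and 4 walk through and flags the ones worth a closer look (missing file, unsigned, written inside the suspected infection window, or living in a temp directory); it also covers the per-user HKCU keys and the Wow6432Node key that the post only alludes to. It removes nothing, so a valid entry is never deleted by mistake.

```powershell
# Added example (not from the thread): enumerate Run/RunOnce/RunOnceEx autorun
# entries and flag suspicious ones for manual review. Read-only.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$since = (Get-Date).AddDays(-14)   # suspected infection window; adjust to taste
$meta  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-ExePath([string]$cmd) {
    # Pull the executable out of "C:\x\y.exe" /arg or C:\x\y.exe /arg
    if ($cmd -match '^\s*"([^"]+)"')   { $p = $Matches[1] }
    elseif ($cmd -match '^\s*(\S+\.exe)') { $p = $Matches[1] }
    else { $p = $cmd.Trim() }
    return [Environment]::ExpandEnvironmentVariables($p)
}

$report = foreach ($k in $keys) {
    if (-not (Test-Path $k)) { continue }
    $props = Get-ItemProperty -Path $k
    foreach ($p in $props.PSObject.Properties) {
        if ($meta -contains $p.Name) { continue }   # skip PowerShell's own members
        $exe   = Get-ExePath ([string]$p.Value)
        $flags = @()
        if (-not (Test-Path -LiteralPath $exe)) {
            $flags += 'MISSING-FILE'
        } else {
            $f = Get-Item -LiteralPath $exe
            if ($f.LastWriteTime -gt $since) { $flags += 'RECENT' }
            $sig = Get-AuthenticodeSignature -FilePath $exe
            if ($sig.Status -ne 'Valid') { $flags += "SIG:$($sig.Status)" }
            if ($exe -match '\\(Temp|ProgramData)\\') { $flags += 'TEMP-DIR' }
        }
        [pscustomobject]@{ Key = $k; Name = $p.Name; Command = $p.Value; Flags = ($flags -join ',') }
    }
}
# Flagged entries first; anything with an empty Flags column is the usual suspects, not proof of innocence
$report | Sort-Object { $_.Flags -eq '' } | Format-Table -AutoSize -Wrap
```

An unsigned or recently written entry is a lead to investigate, not a verdict; vendors ship plenty of unsigned helpers, so look the name up before touching it, as step 4 says.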
SS2win
QUOTE (cozog @ Jan 8 2010, 12:21 PM) *
Ur doing it wrong.

1. Boot in safe mode.
2. REGEDIT
3. Find "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" & RunOnce and RunOnceEx
4. Remove virus entries. Do not remove valid entries. If you don't know the difference, try googling each process name or have a pro look at it.
5. Open windows explorer and delete all the virus files.

There might be another place that has the Run key you'll need to clean up.

I like to open windows explorer and sort it by date. I'll then drill down into any directory modified since the date I suspect the virus was installed.

AV programs can only fix what they know about. It may take the AV company some time to create a fix for it.


Man it would be great if virus removal were that easy!!! What about system restore information and rootkits?
Todd
QUOTE (SS2win @ Jan 8 2010, 03:31 PM) *
QUOTE (cozog @ Jan 8 2010, 12:21 PM) *
Ur doing it wrong.

1. Boot in safe mode.
2. REGEDIT
3. Find "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" & RunOnce and RunOnceEx
4. Remove virus entries. Do not remove valid entries. If you don't know the difference, try googling each process name or have a pro look at it.
5. Open windows explorer and delete all the virus files.

There might be another place that has the Run key you'll need to clean up.

I like to open windows explorer and sort it by date. I'll then drill down into any directory modified since the date I suspect the virus was installed.

AV programs can only fix what they know about. It may take the AV company some time to create a fix for it.


Man it would be great if virus removal were that easy!!! What about system restore information and rootkits?

yup...and plenty of them run now in safe mode...and will add the entries back into the registry as fast as you can delete them
mitchntx
Been off-line for a while. Thought it time for an update.

Machine finally got to the point it would no longer boot. Even in Safe Mode.

Took the drive out and went to another machine

Malwarebytes would hang about 15 minutes in
re-install of Windows would hang about 1/2 way through
Spinright 6.0 worked for almost 30 hours and was 2% complete

At this point in time, I don't know if the virus corrupted the boot sector, or the multiple hard crashes due to system lock corrupted a boot sector, or a combination of the two, or I had a failing HD that made me think it was a virus the whole time.

I lost a lot of data. Most notable were the activation codes for software I had installed and received via e-mail. I have now fixed that problem by saving them to a web-based e-mail account instead of a local account.

What a PITA ...