It all happened last night. My brother was MSNing, and a friend of his says "hey check out this site (somerandomchinesesite)". He opens the link, is prompted to download a screensaver called "jpg.scr" (I mean, isn't that suspicious already?) and downloads it.
Double-clicks it (as if not to scan it online first) and an error message pops up...
Then it hits him... he just got infected.
So he hurries up and deletes the file he clicked, thinking it's all good.
So I take a look, and yep, something's immediately different about the comp. I can't download any files through "Free Download Manager" and it lags like hell, ESPECIALLY when I open Notepad. I dutifully check the Task Manager at the Processes tab... and I see some random process called 62D4F8F5DDAC.EXE running, sometimes disappearing, sometimes 'teleporting' to the top of the process list. So on my other comp, I copied the few tasks that kept on appearing and disappearing:
The bottom two are meant to be harmless, methinks....
So I end-process them.
One minute later I check, and 62d4 is back up there again.
So I do a computer search, searching for 62D4F8F5D... and jpg.scr.
They both pop up in the C:\Windows\Prefetch folder...
Then I deleted them...
But the 62d4 process kept popping up, so I realised I was just deleting a prefetch file (doh) and not the actual problem itself.
So like any concerned person I googled.
Only 3 sites popped up, all 3 in Chinese. I used the Google translator and got nothing out of it, except that another guy had the problem and some dude replied he should try some program (which is appropriately Chinese and shareware).
So next I found two files in the C:\Windows\Debug folder (but I can't remember how).
So happily I opened the Debug folder, BUT I couldn't see them. (Yes, I turned "show hidden files" on in the folder options.)
To double check, I right-clicked the Debug folder and checked its properties... yep, there were an extra 2 files there I couldn't see...
So I tried to delete it through Start > Run > cmd > cd %windir% > del debug/62d4....etc
It said no such files detected.
So then I go to the pandasoftware.com site to scan my comp,
so it downloads ActiveX and some stuff into an 'ActiveScan' folder,
and my AMON goes "C:\WINDOWS\system32\ActiveScan\port32.dll - probably unknown WIN32 virus",
so I was like wtf... so I stopped the scan.
Used a NOD32 scan... (deep heuristic)... nothing popped up except that "C:\WINDOWS\system32\ActiveScan\port32.dll - probably unknown WIN32 virus", and when it got to the Debug folder it goes:
"C:\WINDOWS\Debug\62D4F8F5DDAC.dll - is OK
C:\WINDOWS\Debug\62D4F8F5DDAC.exe - is OK"
I'm not sure, but I think it's this site: "Photos of my cute doggy hxxp://www.blogo.tw tell me whether they look good". I found it digging through my bro's old convo history. (Shhhh.....) So yeah.. if you're brave... check it out for me ;).
I would love any help and suggestions on how to get rid of this.
BTW I'm running Windows XP SP2 with AMON (not updated) and on dialup
(so if you suggest any programs to download, preferably not bigger than 10 megs, mainly because I have to use the browser to download it since Free Download Manager is stuffing up, not allowing me to download anything (hence I can't pause and resume a download)).
Also Google Updater is stuffing up, not allowing me to download Spyware Doctor (inside the Google Pack).
Mod Edit: Link disabled to preclude possible infection. ~TMacK
Edited by TMacK, 16 October 2007 - 11:47 PM.