DISCOVERY OF THE VIRUS
Yesterday, I connected to the internet (I have dial-up), but my little connection icon didn't show up. I was, however connected to teh internet (although NOT to my homepage, it had been replaced with "about: blank" the name of the virus that is doing this is scpStelth.cih ver.2.018). This has happened before, in fact, I haven't seen the original "Connected" icon in over a year (so i can't see how good or bad of a connection I've got), I assume because of a virus. I recently bought a new modem (old one crapped out), and the new modem produced its own icon, so lately I've been able to tell. As I said though, this icon dissappeared too.
I ignored it, figuring I'd deal with it later, and attempted to run Star Wars Galaxies. This is why I have no idea where this virus came from. The only time I've been connected to the internet in the last month and a half is when I play Star Wars Galaxies. However, I kept getting a client error (again, I assume because of this virus), and couldn't log on.
APPLICATIONS I HAVE/USE
I keep my machine very clean, I have multiple adware, virus, cleaning and scanning programs (Antivir XP, Spybot Search and Destroy, Ad-Aware 6.0, Microsoft antispyware, Windows Washer 5, AVG Free, and Ad-Watch 3.0, HijackThis, fixbgbear).
None of these can remove this virus. I had two friends (who know what they're doing) try EVERYTHING they could think of to fix it, but they couldn't.
DETAILS ABOUT THE VIRUS
The virus shows up in the Task Manager as rpcss_pl.exe, but cannot be removed. It changes my IE homepage, hides or removes my connected icon, does not allow me to right click and "Open in a new window", and disables my keyboard anytime I try to play games i have installed. It probably does more that I haven't even found out yet. My friend found (I think by running one of my scanning programs) the name of the virus (I don't remember, and im runnning adaware, so it should show up in that, and then I'll try to post the name of it), Googled it, and only ONE result was found, and it was some German website. Also, it seems to attack HijackThis.
OTHER VIRUSES/SPYWARE I HAVE (AND ANY ADVICE ON REMOVING THEM AS WELL WILL BE APPRECIATED)
TR/Rameh (as it shows up on Antivir XP, in an archive, so it cannot be removed)
Heuristic/Java.Downloader (again, found by Antivir xp, in an archive, so it cannot be removed)
Huntbar (as it shows up in Spybot Search & Destroy, I know where it is in the registry but cannot delete it)
I'm not too computer literate, but I can handle my own fairly well, and if I have detailed instructions, I can manage. If you need to know anything else about this virus, i.e. where it shows up in regedit or something, lemme know how to look that up, and I will and will reply asap. Same with inquiries about my system.
All help is greatly appreciated.
Edited by cavalier1516, 28 February 2005 - 05:24 AM.