The virus would use Windows notifiers, a clone of Windows Defender, and other things to tell you your computer is going bad. Also, it used a blue screen Active Desktop. It disabled Task Manager, and I think Norton.
I disengaged the drive and used Kaspersky rootkit scan and thought I got it, then 3 days later it was back. I don't know if it came back or if the user reinfected, but I tend to think reinfected. The second time, Kaspersky didn't see it. I uninstalled Norton from the machine, installed NOD32 and then scanned the drive while hooked into another computer again.
Nothing showed up in Kaspersky or NOD32, but it did 3 days prior. This time I used SmitfraudFix and had to change the name of the exe. I THINK the virus is gone, all signs of it are... but now the network connection always says "weak signal" with a CAT-5 and it won't renew the IP. The loss of network happened before I removed the virus.
I have the logs at work from SmitfraudFix and I'm not qualified to use HijackThis, but I have those logs too. Honestly, I don't have a clue right now why the IP won't renew.
One thing I forgot: there's a d:\ partition and SmitfraudFix gets hung up at 'calculating disk space'.
Edit: Moved topic to the more appropriate forum. ~ Animal
Edited by rhysj, 19 March 2008 - 12:26 PM.