Well, this is the problem: My little sister infected her new Vostro 1400 laptop when she tried to install a pirated version of "McAfee VirusScan Enterprise 8.5i".
There was a single "Setup.exe", plus instructions to just "double click it and follow the wizard..."
Well, I was watching this and, just out of curiosity, I opened that "Setup.exe" file with 7-Zip, and I found another big "Setup.exe" file inside, along with a little "is154343.exe" file (93.184 Bytes in size).
When I opened the 2nd "Setup.exe" file, I realized the software was there, but encrypted ("ZipCrypto Deflate"), and so I realized my sister was fooled by some "script kiddie" (or the like), as the only possible option to install the software forces the execution of "is154343.exe".
Then, I researched a little, and found a thread in this forum about it: http://www.bleepingcomputer.com/forums/t/149117/virtumonde/
And well, now (after having told my Sis to NOT USE PIRATED SOFTWARE anymore) I'm asking for help to get rid of this. I'm a computer professional, very handy in "Windows" matters, but this nasty parasite goes beyond my knowledge.
What do I need to do / post here in order to get help analysing this? Please, help me...
(Thanks a lot... Great forum.)
Edited by Orange Blossom, 03 June 2008 - 09:03 PM.
Move to more appropriate forum. ~ OB