My father was over printing some stuff out and checking his email like he does every week, then he opened an attachment from an email that had a trojan. He then said yes to both my firewalls, Eset and Kerio, which downloaded the virus. The virus then set off my Eset/NOD32 virus protection and popped up a fake virus alert saying "Microsoft needs to scan your system for spyware" or something similar. He clicked the fake one, which ran it.
Here are my symptoms. After it hit the fan it threw some HTML shortcuts on his user's desktop named "Error Cleaner", "Privacy Protector" and "Spyware & Malware Protection", which all lead to hxxp: //viruswebprotect--2008.com/shandler....said=0&sg=# (# = 0, 1, or 2). There is also a message "VIRUS ALERT!" next to my system clock when not in safe mode. It is slow to load up in any mode now, about 10 min to get to Windows login. In any mode on any user except safe mode with default administrator, the task manager is disabled. Explorer crashes instantly in all modes, all users; from the default admin task manager, I can see "verclsid.exe" runs every time Explorer starts and they both crash after about 10 seconds. I tried to open System Restore from safe mode to see if I could get to the point of at least a remote desktop to clean my machine, but it deleted all my system restores. I do have Registry Mechanic and a few backups on that but only from over a month ago. I actually ran Registry Mechanic's fix registry option, that doesn't load a backup, and it found and fixed quite a bit but it didn't help me do anything to clean this. From msconfig I tried to load a few different boot options but got nowhere with that either; even the diagnostic startup failed.
I searched for virus symptoms related to mine and found the closest thing was on this site and it said it was worm.netsky.t, but that topic did not mention a crashing Explorer or the virus alert in my system clock, and the shortcuts they mentioned led to a different URL, the same as mine but no --2008. When I searched the "verclsid.exe" that I believe is crashing Explorer, it said it was a Windows security update from 2006, but I have not had this problem with it ever before, and besides SP3, I am up to date with most if not all Windows updates. I tried and failed to access the internet yesterday to get HijackThis, so I probably won't have a log of anything unless you have a secret to reactivating that.
I run XP Home 32-bit with SP2. I have a 3.4mhz processor (single core) and 2gb of RAM.
Mod Edit: Disabled active link to malware site.
Edited by quietman7, 18 September 2008 - 12:50 PM.