I just got a strange virus while surfing Myspace...first, a program called ~.exe in the win32 forum tries to activate, but I blocked it using OneCare. Irrelevant of being blocked, it begins attacking anyway. It opens a fake blue screen of death, followed by a fake Windows XP bootup screen with the addition of 'Unregistered Antivirus Copy' where normally it says 'Windows XP'. During this entire time, it was also flashing a red-x shield (like when the Windows firewall is off) in the bottom right that was spamming me with various error messages. It also blocked the use of the 'S' key and only that key. Ending the process via the task manager did nothing; it simply restarted.
I finally used search to track down ~.exe and when I found it I scanned it with OneCare, but it didn't show as a virus to OneCare. I used eraser (a program to remove documents by doing 32 passes over the data) to remove it. The attack stopped. I ran a hijack log through http://www.hijackthis.de/#anl and it turned up clean and that process hasn't returned.
Is it gone? What was it in the first place?
Edited by Ardixan, 08 December 2008 - 02:26 AM.