It's about an unerasable virus (think so...) that looks like the recycler bin virus with a folder whose prefix is S-1-5-21-1801674531-1580436667-1343024091-1003 (the number changes every time you make a fresh install but it always starts with s-1-5-21 and ends with 1003) in all the system hidden folders c:\recycler, etc. It's expanded all over the registry and it has some folders (S-1-5-21-etc.) with temporary unerasable files (you shred them and they come back, it's like a Stephen King argument). I use Unlocker to erase things (they are locked by the process explorer). I had even made a script with the command killproc for the explorer process to be able to delete everything, but nothing happened.

I have tried to use different antivirus and antimalware solutions but they don't detect anything, or this thing doesn't let the installation come to an end (or the update of definitions). The hijack part of a-squared Anti-Malware detects the tricky autoruns and more, but when you try to block them (including ctfmon), the virus reacts aggressively and messes up everything in the system. I have even tried to wipe the whole disk (including erasing the MBR, BIOS, CMOS, everything) using utility disks like Hiren's and more, but it looks like this crap moves from disk to RAM and backwards, so I don't know what to do about it.

I have tried Comodo firewall but it wasn't of much help. Avira neither. Mamutu behaviour blocker (from a-squared) is kind of a good protection (it doesn't clean but keeps things safe), so are other heuristic antivirus. But they can't clean it. One thing is clear. It infects Windows XP or Vista (installing Vista you can see a hidden and unerasable partition Z:) but it can't infect Linux (tried Ubuntu, Fedora and it's all right). I attach the logs of Hijack and Root Repeal and hope somebody can help me with this.
Thank you. Rafael Diament.