I see I'm not the only one here with this. Have been trying to remove and clean but not having any success. Also the infection seems to be something a bit different in how it's hooked than others.
User reported very slow IE speeds and other issues. AVG doesn't pick up anything; another malware scanner picked up and removed a few harmless odds and ends. Found tracks from the KDZLP.exe infection and cleaned that up. Was cleaning out everything else and found the windows\temp with the banking ripoff files:
$67wp.$, $$$dq3e, $$yt7.$$ and wsw2, plus a registry link and a prefect.lib dat file.
I have run mbr.exe and it shows boot records are ok, but there is a hook to the Broadcom network driver. Here's the text:
opened and read successful,
detected MBR rootkit hooks:
\Driver\iaStor -> 0x85bb11c0
NDIS : Broadcom Netlink Fast Ethernet -> SendCompleteHandler --> 0x85beae20
Warning: Possible Rootkit infection
User and Kernel MBR OK
Use Recovery Console fixmbr to clean.
In safe mode w/o networking I can delete the files. With networking they appear again, showing the infection is still around. I installed the Recovery Console from Microsoft, but when trying to boot into it I get a blue screen of death. My i386 files are not the correct version. Trying a boot from Windows.
I have tried to disable the network driver with limited success, and now the machine seems to not want to shut down correctly. Usually have to do a hard boot crash (power switch!).
I already have System Restore turned off and removed the Broadcom management software. HijackThis is loaded as well. Have downloaded
Running out of ideas to try to clean this thing off the laptop. Having read that this is a key logger, I don't want to do anything serious until I have it cleaned. BTW, communicating on bleepingcomputer on another machine!
Thanks for the help,
Edited by col temp, 23 September 2009 - 03:04 PM.
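As an added example (not from the original post, and not part of mbr.exe), a small Python parser that pulls the hook findings out of an mbr.exe-style report like the one quoted above, so a responder can record them in a structured way instead of eyeballing the text. The line formats it expects are an assumption based only on the lines in the post.

```python
import re

# Constructed sample, modelled line for line on the mbr.exe text quoted in the post.
SAMPLE_LOG = """opened and read successful,
detected MBR rootkit hooks:
\\Driver\\iaStor -> 0x85bb11c0
NDIS : Broadcom Netlink Fast Ethernet -> SendCompleteHandler --> 0x85beae20
Warning: Possible Rootkit infection
User and Kernel MBR OK
Use Recovery Console fixmbr to clean.
"""

# Assumed formats: "\Driver\<name> -> 0x<addr>" for a driver object hook and
# "NDIS : <adapter> -> <Handler> --> 0x<addr>" for a hooked NDIS handler.
DRIVER_HOOK = re.compile(r"^(\\Driver\\\S+)\s*->\s*(0x[0-9a-fA-F]+)\s*$")
NDIS_HOOK = re.compile(r"^NDIS\s*:\s*(.+?)\s*->\s*(\w+)\s*-->\s*(0x[0-9a-fA-F]+)\s*$")


def parse_mbr_log(text):
    """Return a dict with the MBR verdict, the warning flag and a list of hooks."""
    report = {"mbr_ok": False, "warning": False, "hooks": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVER_HOOK.match(line)
        if m:
            report["hooks"].append({"kind": "driver", "target": m.group(1),
                                    "handler": None, "address": m.group(2)})
            continue
        m = NDIS_HOOK.match(line)
        if m:
            report["hooks"].append({"kind": "ndis", "target": m.group(1),
                                    "handler": m.group(2), "address": m.group(3)})
            continue
        if line == "User and Kernel MBR OK":
            report["mbr_ok"] = True
        elif line.startswith("Warning:"):
            report["warning"] = True
    return report


def summarize(report):
    """One line per finding, suitable for a case log or ticket."""
    lines = ["MBR: %s" % ("OK" if report["mbr_ok"] else "NOT verified OK")]
    for h in report["hooks"]:
        where = h["target"] if h["handler"] is None else "%s/%s" % (h["target"], h["handler"])
        lines.append("%s hook: %s at %s" % (h["kind"], where, h["address"]))
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(parse_mbr_log(SAMPLE_LOG))))
```

Two kernel-level hooks alongside a clean MBR is exactly the pattern in the post: the boot sector check passes while the network path is still intercepted.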