Items noticed and steps taken. Windows XP system
Apparently there is a file that appears as a .txt file located in the Administrator user menu (noticed this from Safe Mode); the file in question is epor.exe (under Start Menu). If you try to disable it from msconfig, it will populate another command to handicap the system. Can't find the epor.exe file in the registry. I couldn't delete this file for nothing. Out of curiosity, I clicked on the file to see what contents were listed. The file created another system folder. The user name will not be listed in your main users, but will create a system folder/user within the Documents and Settings folder.
Steps taken. Removing files from registry, logged in Safe Mode, command prompt and attempted to force remove the directory using rd /S. I attempted attrib commands to change the folder permissions. I've used Killbox to delete the directory on reboot, changing from process to system as the option type to delete. Used ComboFix. ComboFix detects a rootkit. SmitFraud keeps detecting and removing, suspect replication. AVG detects a virus as well. I attempted to handicap the files by renaming or removing from registry to no avail; this virus is constantly attaching itself and replicating. Customer attempts to install Google Chrome, it won't accept, but appears as though you had installed it.
I'd like to know what this virus is and a fix if you have one. This is one of the toughest cookies I have ever seen, and I spent nearly four hours in an attempt prior to researching on the web and coming here for assistance.
Edited by Orange Blossom, 16 January 2011 - 06:54 PM.
Deactivate link. ~ OB