A little more information.
This started with one of those fake anti-virus software things popping up. I don't remember the name, but it was tied to the process 'lgc.exe.' Got rid of that quickly. In case somebody finds this through a Google search, this is what I did.
I located the source ( don't remember how I did this ), wrote a batch script to kill the process and delete the source ( this is accomplished by using 'taskkill /im <task name> /f' followed by 'del "<source>"' ), searched the registry for 'lgc.exe' and once I started getting funny hits, eradicated any trace of the sucker from the registry. I immediately ran the batch script. Gotta be quick on a lot of these things as they regenerate. After that, nothing on my PC worked anymore because 'lgc.exe' was a rather cleverly written shell that forced all .exe's to run through itself so it could do its job being a pain in the ass. So I went back to the registry and relinked something like 'HKEY_MACHINE_BLAH_BLAH_BLAH/.../.exe' back to 'exefile' when it had previously been linked to 'lgc.exe.' Easy peasy so far.
Now I'm left with this infected 'ping.exe' which consumes a ton of system resources. I'm not sure what its intent is exactly. It looks like all it does is visit a billion websites in the background because I'm noticing several secretive folders under 'C:\Documents and Settings\NetworkService\Application Data\Temporary Internet Files\Content.IE5\<random name>' getting filled with random junk super fast. Haha, I actually found this out by sheer stroke of stupid luck. I figured I would defragment to counter the slight sluggishness that I was experiencing, and noticed a high amount of fragmentation in that directory so I checked it out, only to see the folders refill as I cleaned them out.
AVG shows a hit on 'afd.sys,' ( Generic14.CBLO ) but lists it as white listed, so I'm afraid to touch it. However, I know what 'ping.exe' does so I deleted it, and surprise, surprise, it regenerates. I'm fairly certain 'pathping.exe' and 'ping6.exe' are also associated, but I can't be certain because none of the ping associated files turn up as hits in Malwarebytes' software, Kaspersky's root kill killer thing, Spybot Search and Destroy or AVG. But they all regenerate instantly as well.
Other than that, I appear to be running a clean rig.
Anyway, I'd rather be safe than sorry, so I have two batch scripts running in the background to keep 'ping.exe' from acting up.
I've attached the script just in case anybody else also wants it ( you'll need some Windows Server 2000 resource tool kit to get access to sleep as you won't be able to use the normal method of a delayed ping since you'll always be deleting ping ):
taskkill /IM ping.exe /f
That reminds me, I deactivate the batch scripts while I run various scans because otherwise, obviously, the scans wouldn't even find the files in the first place.
As you can tell, I've been extremely aggressive in my pursuit to find a cure. Anyway, nothing I do can get rid of this virus. It's ridiculously stubborn. Everything I delete regenerates instantly. I've tried to write in my own versions of 'ping.exe' marked as read only with access privileges set to deny for everybody, but nothing doing. Something is acting as a dropper, but I have no idea what. Could be 'afd.sys.' In any case, I could really use some assistance as I'd hate to do a reformat, but this is the only virus I haven't been able to take care of in one day, so I'm heading in that direction.
Thanks in advance and sorry the information is all jumbled. Lots of information to put out, and not a lot of time to organize it so it's kinda flow of consciousness. Please do help quickly.
Edited by Celestine, 13 December 2011 - 01:40 PM.