I am new to this site, but for some reason it will not allow me to post a comment to the 6 or 7 members that have already encountered this problem over the past 2 weeks. I hope this will get posted nearby or added to the list by an admin.
My first encounter with this virus started last week 11-3-14. It ran about 8-10 ten processes with the name Dkbhbtdheav.exe in rootkit memory which gobbled up about 50% of my Windows 7 desktop with a large HP i7 processor with 8 gig of RAM. It labeled it as a Google Chrome process, but I never have installed Google Chrome...and prefer the Google Classic search engine under IE 11. My performance went to almost nothing and my desktop icons would flash. I found it on my own with the windows task manager. Wasn't sure how it got there, but it hangs out in in the user folder...under a local low temp or Microsoft folder and file. I probably could have zapped it with the Microsoft Process Explorer like another did, but I didn't have the time and bailed out to one of my Malware/Virus apps, in this case, STOPzilla. I spent the $80 to have them clean it out online which took them about 30 minutes. So all was well for a week. However....
I didn't know how I had infected my machine until tonight, when I normally run all my Virus and Malware utilities. One of the utilities I have been running for years is Spybot which I recently upgraded from version 1.5 to 2.4. Version 2.4 was running ok for 2-3 months as far as I know. When I ran the Spybot 2.4 updates tonight and then the Spybot app....guess what....the exact same Google Chrome virus showed up in almost the same location.....under a Microsoft folder instead of a TEMP folder last week both under the Local Low folder. I can't be sure but I think the Spybot server is infected with this virus. I tried to contact them....but they are located in Ireland, with no email or phone contacts posted. It would be interesting if anyone else used Spybot recently and got infected with this pain. Let me know. To fix it, I decided to run Stopzilla again with the newest version which might address this virus....and by God, they did include it, and quarantined it for good. It was identified by STOPzilla as a Trojan initially in their log file.
For now, I would not run Spybot 2.4 until they acknowledge they are a source or not and clean it out ASAP. There could be other sources too.
Edited by rogerzap360, 11 November 2014 - 12:14 PM.