  #1  
Old 01-12-2008
Zomine
New Poster
Join Date: Jan 2008
Posts: 2
PC Experience: Elite PC Guru
Aggressive v1rus is closing processes/browser to maintain

Hi there. My dad has managed to get himself a pretty impressive v1rus going on his pc. Sorry for the leetspeak, but if I post with the word spelled properly it will shut down Firefox instead of posting. This thing is preventing me from using all of the utilities that I would usually turn to. I'm unable to access any online_scans and I can't get onto the website of av@st or bitd@fender, etc, etc. It wouldn't let me download a copy of hij@ckthis either, so I wrote a script in Ruby to get the file manually, bypassing the browser. I got the file, but this thing also shuts down any process that it doesn't like, so hjt wouldn't run for more than about 1/10 of a second. Av@st is installed on this machine and it's managing to kill that as well. It continues to operate even when in safe mode, so no dice there.

I'm thinking it's probably a zombie of some sort or possibly a keylogger, since it seems to be using a bit of the processor and I think that it's generating a very small amount of network traffic. If anyone is familiar with this thing I'd appreciate any advice. I'll probably have to just back up his files and reformat, but I'd really like not to do that, since he's got a lot of valuable and confidential files on it for his business and I don't like the idea of risking any data loss.

I did notice some scamware on the machine. Something called malwareblaster or something along those lines. I managed to download an anti-v program called 'a-squared' and I scanned with it but it only turned up a couple things and none of them were my bogey.

At any rate, I'm open to any suggestions or experience with this thing. To tell you the truth, I sort of admire whoever programmed this bloody thing, but I'd like to admire them without having their malware on this box.

Oh, and this smiley is ftw:

--------------------------------------------------
Edit: The scamware was called 'MalwareCrush'. I remembered the name while driving home. I don't think it's responsible for this, though, since the scamware was really very poorly done and the virus seems to be very well thought out.



Last edited by Zomine; 01-12-2008 at 04:30 AM.
  #2  
Old 01-13-2008
ih8bills
Tech Team Leader
Join Date: Feb 2006
Location: coastal Rhode Island
Posts: 4,580
PC Experience: More Stubborn than any PC
Re: Aggressive v1rus is closing processes/browser to maintain

Hi -- Welcome to PCHF -- apologies for the delay.
Could you perhaps download a free antivirus, and perhaps a version of Spybot S & D, onto a disc, boot into safe mode, and install from there?


__________________


Without music, life would be a mistake
Friedrich Nietzsche
  #3  
Old 01-13-2008
Zomine
New Poster
Join Date: Jan 2008
Posts: 2
PC Experience: Elite PC Guru
Re: Aggressive v1rus is closing processes/browser to maintain

No, it keeps running in safe mode and it doesn't allow AV software to run because it's scanning the resident memory for processes it doesn't like and terminating them. I'm pretty sure at this point that it's a rootkit. I'm thinking of putting the hard disk in a second PC and running a bunch of anti-virus software on it while it's not the active drive. I can't think of any other way to get at it.

Thanks for the response, though.


  #4  
Old 01-14-2008
ih8bills
Tech Team Leader
Join Date: Feb 2006
Location: coastal Rhode Island
Posts: 4,580
PC Experience: More Stubborn than any PC
Re: Aggressive v1rus is closing processes/browser to maintain

Sophos has a free remover

Sophos Anti-Rootkit - Find and remove any rootkit that is hidden on your computer

