My PC got a nasty infection. If anyone wants to study the nasty critters, I have them in zip file on a USB stick. Just tell me how to send them.
After having a bad day with UPS, I stupidly opened an email which i thought was from UPS. Worse, I opened the attached zip and ran the .exe (yes, I still cannot believe I would have been so stupid). The sad thing is that I am not alone. Others have done the same.
First of all I got some terrifying screens telling me to buy and install “XPSecurity 2008” from what masqueraded as a MicroSoft site.
On bootup, there were some strange processes such as rhcpdgj0et13.exe, lpctdgj0et13.exe and a new rhcpdgj0et13\ folder appeared in my C:\Program files\folder. A HouseCall scan turned up a number of viruses, but it could not remove them.
SDFix removed a number of viruses, including braviax.exe, which got rid of “Buy XPSecurity …or else” displays. Avast!PE got rid of more nasties such as buritos.exe and karina.dat., but it keeps finding C:\Documents and Settings\Funke\Local settings..\ttB.tmp and ..\wssl52[1].exe each time my PC starts up and lpctdgj0et13.exe appears as a new process. Also, even before Log-in, a
WARNING
Syware detected on your computer.
Install an antivirus or spyware remover to
clean your computer
And the screensaver has been replaced by a terrifying screen-saver that presents a BSOD (blue screen…), followed by a convincing show of the PC trying to reboot, followed by another BSOD and so on. The Desktop, Screen Saver tabs on the Screen’s property sheet have been hidden, so one cannot select a friendlier screen-saver nor extend the delay period.
This is as good as it gets with Avast!
Unwilling (and probably unable) to launch a career fighting malware, I have decided to kiss my hard drive good-bye. But, I have preserved a vial of these nasties for whomever wishes to study them.