I got it today, I began to see my system slowing down, my e-mail starting with Send/Receive for hours, my CPU is taken 100%.
I have AVAST Home and ZA Free, my OS is WXP PRO, I ran a boot schedule with Avast and have seen that it was deleting Win32:Tibs-Gen1 from C\System Volume Information_restore.
I ran HijackThis.exe and nothing relevant seems to be there.
What shall I do now?
It’s really very strange because this morning I was asked by ZA if I wanted to allow an application called cli.exe to go; after having checked on the internet I saw it is an ATI application, so I allowed it.
I ran also in SafeMode Spybot and AdAware and they did not find anything this morning.
I ran the application you suggested, found a couple of things (enclosed), I clicked to “change name”, but nothing changed.
I ran in SafeMode, Adaware, Spybot and HiJackThis, found nothing.
I de-activated cli.exe from my startup programs.
What shall I do?
Thank you
Alex
PS: I have no clue how I got this virus, I can only say that yesterday I changed my mail protocol and switched from POP3 to IMAP. I am usually very careful >:(
I went in TaskManager and found out that the process sucking my CPU was spoolsv.exe.
I went into Microsoft Office Document Image Writer and found a printing job that was on standby. I deleted it and now the CPU went down to normal levels.
That is why you should always work under “guidance”, and check before doing a thing. For instance, one of the things you found is perfectly normal:
Twist.dll
Component Name: Twist.dll
Description of Twist.dll
This is a component of MemoriesOnTV. MemoriesOnTV, from CodeJam, is a media management tool designed to make it easy for users to create slideshows from digital images, and burn them onto CDs or DVDs.
Recommendation for Twist.dll
NA
Trusted: Yes
Trojan: No
Chronic: No
Adware: No
Carrier: No
Browser Hijacker: No
Dialer: No
Commercial Keylogger: No
Remote Administration Tool: No
Suspected: No
Company Name: CodeJam
Platforms Affected:
Methods of Distribution: This program is available for download on shareware websites.
Variants/Versions:
Release Date: 2005