My priest called me yesterday to say that he was having problems with his laptop. When I checked his NAV subscription, it had ended last November. Apparently he thought “prayer” would be enough to protect him.

WRONG!

So, on to what relevance this has to this thread:

I noticed that a process was taking up a lot of CPU cycles. It was called “plci01pdva.exe”. I immediately killed it and looked (via msconfig) to see if it was being launched at startup. Sure enough, I found that it was being started by a file in c:\windows\prefetch called “PLCI01PDVA.EXE-2209F53B.PF”.

In order to avoid the whole paying for software thing, I downloaded avast! for him and scanned. The kreper-b trojan was found in the executable mentioned above in c:\windows.

So, in addition to the rz_christmas.exe and other “names” for this bugger, you may want to look for this as well.

HTH someone.

werd