Rootkit?
Ever heard of that?
Until recently I hadn't.
The story begins at my girlfriend's computer, where one of her kids received a mail from a friend with an attachment.
Avast antivirus immediately sounded the alarm bell and removed it, but the virus is present again at every startup.
It's called msdirectx.sys and is being placed in the username folder.
It spreads through mail, sending itself to every address in the address book.
Apparently it is a keylogger that phones home.
So far I found it prevents you from opening:
- Regedit
- Task Manager
- HijackThis
It had shut down ZoneAlarm and prevents it from being started manually; it also prevents an antivirus update.
There seem to be a few variations.
Some manual cleaning was described here, but the variation I found had none of the described registry entries.
Further Googling brought me here (there are some interesting links on that page).
Perhaps for the paranoids (peers) it is good to run:
- RootkitRevealer
- F-Secure BlackLight
I certainly have these programs on my PC good-health list from now on.
So far I haven't been able to kill the virus, but I'll have another go at it this coming weekend. I'll keep you updated.