Strange Virus / Worm

[Shooter]

Even fully updated Norton AV, Adaware, SpyBot have failed to pick this up,
let alone identify.

I spotted an app called 'Findows' running at boot up on my XP computer, and
there was a lot of Internet activity at boot-up. It was associated with
run32dll.exe (note: *not* rundll32.exe). I found the file in the system32
folder, and it had a CDROM icon associated with it, author not MS, but
"Clickme", creation date yesterday. Rundll32.exe was also there, and a
quick check on my other XP showed that this was the correct system file.

I found that yesterday, 6 Apr, a registry key had been added to :
....CurrentVersion\Run

Name: Callme, Type: REG_SZ Data: C:\windows\system32\run32dll.exe causing it
to run at start up.

I ran another scan in safe mode, but still nothing showed up. I've renamed
the offending .exe file by changing its extension, and deleted the registry
entry.

System re-boots fine, and the app no longer loads.

It may be brand new, I hope it hasn't harvested any info like other viruses
that attack these file types - any ideas? I've thoroughly checked the
Norton site - there's nothing like it there.

Cheers

 

[yabbadoo]

You got yourself SPYWARE - check GOOGLE - it ain't new.
HTH Len

 

[Harry Ohrn]

I don't know if this applies to you or not
http://www.liutilities.com/products/wintaskspro/processlibrary/run32dll/ but
you may have a tracking tool installed on your system which could account
for all the activity and the fact that AV programs are not finding anything.

 

[Shooter]

ref: "you got yourself SpyWare" Umm, yes, thats why I ran spybot!

Any more helpful answers