Injury
Just managed to get rid of one off a customer's PC that
nothing I used detected (on this PC Microsoft AntiSpyware
Beta, Spybot, Adaware, trojan hunter) Norton 2005 found
some files it detected as trojan.downloader but just
reported them as threats and didn't remove any files.
Some files I was able to remove manually, however many
seemed to self delete as they weren't in the place where
Norton detected (checked for system and hidden files in
command prompt window).
Symptoms on this particular PC were a dos program box with
sysxxxx.exe running xxxx being what seems to be a random
number, these files were created in the C:\Windows
directory, deleting them solved nothing. The HP printer
would Form Feed until it was out of paper if it was left
on while one of these sysxxxx.exe programs was running
(all the programs appeared to do on the screen was scroll
real fast). Its activities also made the taskbar and the
desktop unusable for about 5-10 minutes in both normal
and safe mode. Using End Task on explorer.exe and
starting a New Task with it would bring the desktop back
to life. Safe Mode wasn't much help with the
desktop/taskbar problems as it still loaded there (though
I don't recall ever seeing a sysxxxx.exe try to run in
safe mode). Despite these pauses, startup items (like a sql
server implementation on this PC) seemed to run fine
maybe appeared marginally slower to users.
Was able to find and get rid of it with a process
explorer that found hidden C:\Windows\Systems32\uinc.dll
being called. The actual registry entry I can't pull up
(as I'm not willing to unleash the thing on this PC
again), but it was called via a reference in
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Actually I should knock on wood, thought I had the
problem fixed the past 2 days, but after about an hour it
would come back. 3 hours and so far so good.
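
An added example, not part of the original post: a PowerShell audit of the ShellServiceObjectDelayLoad key named above, resolving each entry to the DLL that explorer.exe loads and checking whether that file is hidden or unsigned. It assumes each value in the key holds a CLSID string registered under HKLM\Software\Classes\CLSID; the function name Get-SsodlEntry is hypothetical.

```powershell
# Added example: list ShellServiceObjectDelayLoad (SSODL) entries and the DLL behind each.
$ssodl = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
$mask  = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System

function Get-SsodlEntry {
    param([string]$KeyPath = $ssodl)

    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) { return }   # key is absent on this Windows version

    foreach ($name in $key.GetValueNames()) {
        # Each value's data is the CLSID of an in-process COM server.
        $clsid  = [string]$key.GetValue($name)
        $inproc = "HKLM:\Software\Classes\CLSID\$clsid\InprocServer32"

        $dll = $null
        $ik  = Get-Item -LiteralPath $inproc -ErrorAction SilentlyContinue
        if ($ik) {
            # The default value of InprocServer32 is the DLL path.
            $dll = [Environment]::ExpandEnvironmentVariables([string]$ik.GetValue(''))
        }
        # Assumption: a bare file name refers to a DLL in System32.
        if ($dll -and -not [IO.Path]::IsPathRooted($dll)) {
            $dll = Join-Path $env:SystemRoot "System32\$dll"
        }

        # -Force is needed to see files carrying the hidden or system attribute.
        $file = $null
        if ($dll) { $file = Get-Item -LiteralPath $dll -Force -ErrorAction SilentlyContinue }

        [pscustomobject]@{
            Name           = $name
            Clsid          = $clsid
            Dll            = $dll
            Exists         = [bool]$file
            HiddenOrSystem = [bool]($file -and ([int]($file.Attributes -band $mask) -ne 0))
            Signature      = if ($file) {
                                 (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status
                             } else { $null }
        }
    }
}

Get-SsodlEntry | Format-Table -AutoSize
```

An entry whose DLL is hidden, missing or not validly signed is the kind worth a closer look before it is removed.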