HELP!
Recently I've found a virus/adware/malware that no one else seems to have found. I've searched using the most popular 20 or so search engines and have come up with nothing. Neither AdAware, Spybot Search & Destroy, Panda, McAfee, Norton, nor Trend Micro finds anything wrong.
This infection really slows down your machine. Unfortunately, during the cleanup process, I destroyed most of my clues. I did however record the name of a file.
It is MDHSRVPA.EXE. It doesn't show up in the task list, so it can't be killed there. If I search for hidden, system files, I find it in either the windows\ or windows\system32 directory, but it can't be deleted or renamed as it is in use and locked. I was finally able to delete it by killing the EXPLORER.EXE task, opening a command window, running attrib -s -h mdhsrvpa.exe and then deleting it.
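The check described above (looking for executables that carry both the hidden and system attributes in the Windows directories) can be scripted so that nothing is missed and each hit is reported with its Authenticode signature status. The following is an added PowerShell example, not code from the original post; the function name Get-HiddenSystemBinary and the default directory list are my own choices.

```powershell
# Added example (not from the original post).
# Lists files with BOTH the Hidden and System attributes under the Windows
# directories and reports their size, modification time and signature status.
# Unsigned or oddly named binaries with these attributes deserve a closer look;
# legitimate Windows components in these folders are normally Microsoft-signed.
function Get-HiddenSystemBinary {
    param(
        # Assumed default scan locations; pass others with -Path if needed.
        [string[]]$Path = @($env:windir, "$env:windir\System32"),
        [string[]]$Extension = @('.exe', '.dll', '.sys', '.scr')
    )
    foreach ($dir in $Path) {
        # -Force includes hidden and system files that a plain listing skips.
        Get-ChildItem -LiteralPath $dir -Force -File -ErrorAction SilentlyContinue |
            Where-Object {
                $_.Extension -in $Extension -and
                $_.Attributes.HasFlag([System.IO.FileAttributes]::Hidden) -and
                $_.Attributes.HasFlag([System.IO.FileAttributes]::System)
            } |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
                [pscustomobject]@{
                    Path      = $_.FullName
                    SizeKB    = [math]::Round($_.Length / 1KB, 1)
                    Modified  = $_.LastWriteTime
                    Signature = $sig.Status          # Valid / NotSigned / HashMismatch ...
                    Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                }
            }
    }
}

Get-HiddenSystemBinary | Sort-Object Signature, Path | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so that the system directories are fully readable. The same attribute pair is what the attrib -s -h step in the post removes; this listing only reports and changes nothing, so it is safe to run before deciding what to remove.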
Looking through the registry, I found references to it in several places but didn't record the keys before I deleted them. I did find a key that had a suspicious name like "hoWcoOliaM86" (HowCoolIam86), leading me to assume that this was generated by a hacker born in 1986. This is not the actual name of the key.
In this key and its subkeys were references to other files and web addresses.
There was also a suspicious directory (also named in the registry key), either in C:\ (the root drive) or C:\Program Files, with the name MSNxxxx (something like MSNRELO), which was very large (approx. 1GB) and which I deleted. (Damn, I wish I had written this stuff down.) I tried to export the key before I deleted it but couldn't find the export after the delete.
Another indication of trouble: with the machine booted, settled down, and idle, the cursor would flash the hourglass about once a second. This would go away if the network cable was unplugged or if the internet was disabled.
In an attempt to discover what was trying to access the network, I installed ZoneAlarm. ZoneAlarm was allowing access to many files with gibberish for file names! Files had unprintable characters for names. By stopping internet access (ZoneAlarm STOP button) the flashing hourglass would go away.
Another indication: each time the hourglass flashed, memory usage of the program manager (explorer.exe) would increase by 12K. If the machine was allowed to run overnight, it would crash with a blue screen of death, with differing error indications (driver errors, a Microsoft error pointing to a virus or spyware, and others).
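The two symptoms above (unknown processes reaching the network, and explorer.exe growing by a fixed amount on every flash) can both be recorded in one sampling loop instead of watched by eye. The following is an added PowerShell example, not code from the original post and not a ZoneAlarm feature; the function name Watch-ProcessGrowth, the sample count and the interval are assumptions, and Get-NetTCPConnection requires Windows 8 / Server 2012 or later.

```powershell
# Added example (not from the original post).
# Samples a process's working set at a fixed interval and, alongside each
# sample, lists the executables that own established TCP connections.
# A steady positive DeltaKB with no user activity points at a leak or a
# background task; an unfamiliar path in Connections is a lead to investigate.
function Watch-ProcessGrowth {
    param(
        [string]$Name = 'explorer',       # process to watch (assumed default)
        [int]$Samples = 12,               # number of samples to take
        [int]$IntervalSeconds = 5         # seconds between samples
    )
    $previous = $null
    for ($i = 1; $i -le $Samples; $i++) {
        $proc = Get-Process -Name $Name -ErrorAction SilentlyContinue | Select-Object -First 1
        if (-not $proc) { Write-Warning "process '$Name' not found"; return }

        $ws    = $proc.WorkingSet64
        $delta = if ($null -eq $previous) { 0 } else { $ws - $previous }

        # Executables behind established outbound connections at this instant.
        $owners = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
            ForEach-Object {
                $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
                if ($p -and $p.Path) { $p.Path } else { "pid $($_.OwningProcess)" }
            } | Sort-Object -Unique

        [pscustomobject]@{
            Time         = Get-Date -Format 'HH:mm:ss'
            Pid          = $proc.Id
            WorkingSetKB = [math]::Round($ws / 1KB)
            DeltaKB      = [math]::Round($delta / 1KB)
            Connections  = ($owners -join '; ')
        }

        $previous = $ws
        Start-Sleep -Seconds $IntervalSeconds
    }
}

# One minute of samples, written to a log so the numbers survive a later crash.
Watch-ProcessGrowth | Tee-Object -FilePath "$env:TEMP\process-growth.log" | Format-Table -AutoSize
```

Leave the machine idle while it runs, as the post describes, so that any growth is not explained by user activity. Comparing the Connections column against the DeltaKB column across samples shows whether the memory growth coincides with a particular executable talking on the network.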
2/20/06 ** The flashing hourglass was eventually traced to the battery meter, which I didn't fix, simply disabled.
If you are running into this problem, please contact me at steveXXX@connecticut-business.com (remove the XXX before sending) so we can cure this once and for all.
Thanks
Update - Thursday March 2, 2006: Google has listed this page. I hope we can solve this one.