It works by using and infected file from a package with a trusted certificate and then imbeds itself into system files such as svchost and loads the mimicked dll file instead of the original.

It is a Trojan Horse that opens a backdoor to download its own files.

This is one of the nastiest viruses around to date and can be extremely difficult to remove.

I have tried Norton’s removal tool, McAfee’s removal tool, Combofix, TDSKiller, aswMBR 0.9.9 and Malwarebytes to try and rid a system of this little critter.

My recommendation is to use Combofix, this is likely to break your TCP/IP stack, I then ran a scan with TDSKILLER which found afd.sys to be infected in system32\drivers. It did a cure, rebooted and all working perfectly now.

Hope this helps.

Adrian

I’d just like to welcome you to the Radford Computing website and in particular to our blog, where I hope you’ll find the information here useful and interesting.

If you want to ask any questions, leave a comment or use the contact form if it’s private.

Many thanks

Adrian