
08-18-2009 04:51 AM - last edited on 08-18-2009 09:09 AM by Rexival_Feraer
Win32/Virut.NBM
Aliases: Virus.Win32.Virut.ce (Kaspersky), W32.Virut.CF (Symantec), W32/Virut.n.gen virus (McAfee)
Type of infiltration: Virus
Size: variable
Affected platforms: Microsoft Windows
Signature database version: 3832 (20090206)
Short description
Win32/Virut.NBM is a polymorphic file infector. The virus connects to the IRC network. It can be controlled remotely.
Executable files infection
The virus searches for executables with one of the following extensions:
* .exe
* .scr
Executables are infected by appending the code of the virus to the last section.
The host file is modified in a way that causes the virus to be executed prior to running the original code.
It avoids those with any of the following strings in their names:
* WINC
* WCUN
* WC32
* OTSP
It infects the following files:
* *.htm
* *.php
* *.asp
The virus inserts an IFrame element with a URL link into the file.
Other information
The virus is sent data and commands from a remote computer or the Internet.
It communicates with the following servers using IRC protocol:
* irc.zief.pl
* proxim.ircgalaxy.pl
It can execute the following operations:
* download files from a remote computer and/or Internet
* run executable files
The following file is modified:
* %system%\drivers\etc\hosts
The virus writes the following entries to the file:
* 127.0.0.1 jL.chura.pl
The virus may set the following Registry entries:
* [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servi
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%filepath%" = "%filepath%:*:enabled:@shell32.dll,-1"
The performed data entry creates an exception in the Windows Firewall program.
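An added triage helper, not from this thread or from any Trend Micro or ESET tool, that checks two of the artifacts listed above (a hosts file and the firewall AuthorizedApplications list) for the patterns the description gives; the sample inputs are constructed, and the system32 file names are the ones reported later in this thread.

```python
import ntpath
from typing import List

# Constructed sample of a %system%\drivers\etc\hosts file; only the jL.chura.pl
# line is the entry the description above attributes to the virus.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1 jL.chura.pl
"""

# Constructed sample of the values under the firewall AuthorizedApplications\List
# key, in the "%filepath%:*:enabled:@shell32.dll,-1" form the description gives.
# The two system32 file names are the ones reported later in this thread.
SAMPLE_FIREWALL_LIST = [
    r"C:\Program Files\Example\example.exe:*:enabled:Example Updater",
    r"C:\WINDOWS\system32\reader_s.exe:*:enabled:@shell32.dll,-1",
    r"C:\WINDOWS\system32\servises.exe:*:enabled:@shell32.dll,-1",
]

REPORTED_FILES = {"reader_s.exe", "winword98.exe", "servises.exe"}  # names posted in this thread


def suspicious_hosts_entries(hosts_text: str) -> List[str]:
    """Lines that point a name other than localhost at the loopback address,
    the pattern of the '127.0.0.1 jL.chura.pl' entry described above."""
    hits = []
    for line in hosts_text.splitlines():
        body = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not body:
            continue
        ip, *names = body.split()
        if ip in ("127.0.0.1", "::1") and any(n.lower() != "localhost" for n in names):
            hits.append(body)
    return hits


def suspicious_firewall_exceptions(entries: List[str]) -> List[str]:
    """Exceptions for a system32 binary that has a file name reported in this
    thread or the generic '@shell32.dll,-1' display name the description quotes
    (a triage heuristic, not a verdict: legitimate entries may also match)."""
    hits = []
    for entry in entries:
        path, sep, rest = entry.partition(":*:")  # the first ':*:' ends the path
        if not sep:
            continue
        name = ntpath.basename(path).lower()
        if "\\system32\\" in path.lower() and (name in REPORTED_FILES or rest.endswith("@shell32.dll,-1")):
            hits.append(entry)
    return hits
```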
08-18-2009 05:23 AM - edited 08-18-2009 05:26 AM
Hello. I suggest that you try the following malware troubleshooting steps. Scan your computer with Trend Micro System Cleaner and Trend Micro Rootkitbuster.
You may refer to the following link for details on how to use the Trend Micro System Cleaner:
http://esupport.trendmicro.com/Pages/How-do-I-use-
For the RootkitBuster, try downloading it on the following link:
http://www.trendmicro.com/download/rbuster.asp
The tools should be able to detect and remove the virus from your computer. If the problem persists, I suggest that you generate the HijackThis Logs of your computer so that we can check for malicious registry entries and identify the location or directory of the virus. You may refer to the following link for details on how to generate the logs:
Kindly paste the generated log here. Thanks.
08-18-2009 05:37 AM
The Trend Micro System Cleaner can detect and remove the virus, but after you restart the computer it's back again.
The RootkitBuster won't run; the error says something like "the integrity of the software has been compromised".
HijackThis can detect the infected files. I've tried this one and analyzed the files here: http://hijackthis.de/. But again, after restarting the computer everything is back.
BTW, I can't seem to get rid of this hosts file entry: 127.0.0.1 jL.chura.pl
08-18-2009 05:47 AM
I suggest that you paste the HijackThis Log here so that we can check the directory of the virus. Kindly provide also the directories of the detected files which are located on the Sysclean Log. So that we can analyze it.
08-18-2009 05:57 AM - edited 08-18-2009 06:00 AM
I have already formatted the PC and gave up on the virus.
Infected files that were detected by Internet Security Pro, HijackThis and Sysclean:
reader_s.exe
winword98.exe
servises.exe
Location: c:windows/system32
I will have the PC infected again just to collect the logs.
The Sysclean logs will only display the things listed above.
A Malwarebytes log would give us more info.
If you have a spare PC, or if you're confident enough that you'll be able to remove the virus,
just download the virus from the link posted at the top of this page.
08-18-2009 06:01 AM
If you think that the files are malicious, you may use TwinFix to delete the viruses. Please refer to the following link for details on how to use TwinFix:
http://esupport.trendmicro.com/Pages/How-does-the-
08-18-2009 06:23 AM - edited 08-18-2009 06:25 AM
I have also used the TwinFix application; I downloaded that one from the support site.
But again, I can only place there the 3 malicious files that Internet Security Pro, HijackThis and Sysclean detected:
reader_s.exe
winword98.exe
servises.exe
located in c:windows/system32
If we can have a brave soul who would be willing to have their PC infected, that would be great.
BTW, if you have the PC infected,
you can no longer do the following...
- boot in normal mode
- can't open RootkitBuster
- can't open ComboFix
- can't run Autoruns
but you can
- run System Cleaner, but can't get rid of the virus
- run HijackThis, but can't get rid of the virus
- run Internet Security Pro in safe mode and scan, and it will be able to detect and lock, but after a restart everything is back
- run TwinFix as many times as you want, but will not be able to remove the virus
- run Malwarebytes, get the log and manually delete the files, but again after a restart everything is back
For sure we can have someone from Trend Micro try this virus, generate the logs and find the solution.
I can get the logs but not now; I'm not in front of that PC.
08-18-2009 09:53 AM
Hi All,
Thank you for sharing your knowledge to help other users of the community - keep it up.
Hello Tapsikret
I have edited your post to remove the link to where others can get the samples. Because all of us are curious by nature, some users might click the link and get their machines infected. I know neither of us wants that to happen.
08-18-2009 10:05 AM - last edited on 09-11-2009 09:13 AM by JSMO
@Rexival_Feraer
That's OK with me if you're going to remove the link.
Anyway, if anybody wants to try their luck on this virus, just PM me and I'll give you the link.
BTW, here is a link from another forum where we discussed the virus:
[Mod Note: Removed link from post <broken link>]
09-11-2009 08:54 AM
I would like a link to this virus... I caught this (my own fault) and it was the nastiest I have ever seen... My only regret is that I did not save it so that I could toy with it on one of my offline systems... I couldn't find anything to defeat it. Luckily I learned my lesson long ago and have everything backed up, but it still took my entire system down. Would love to mess around with this monster again... Steer clear of this one.
Copyright (c) 1989-2012 Trend Micro Incorporated. All rights reserved.
