I acquired this pig from a Usenet site somewhere. Was doing
housekeeping and trashing old files, found a QuickTime icon and
double-clicked it - wrong move.

The firewall caught it trying to phone out on a restricted port - one
with an alarm setting on it so I knew about it about two hours after
double clicking on it.

It tries to phone a site in the UK or Netherlands. The executable is
a hidden file that starts from the registry. It disables regedit and
disables msconfig. Even after changing the attributes on the file
properties it won't allow you to delete the executable. No way to fix
it . . .

File hidden, masquerades as a screen saver with an scr extension, the
registry calls it a winsock2, and it kills the means to remove it.

To cure it I searched on Google and found some 244 hits on the usenet
sites and 4 on web sites (none of the virus prog vendors). I
downloaded TaskInfo2003. That let me shut down the program
(ctrl/alt/del didn't show it running). With the program terminated, I
was able to clear the executable and run regedit and repair the
registry. (HijackThis may have also fixed the registry - I didn't
try it.)

I'm indebted to the folks that solved this problem and posted their
findings. AdAware and Spybot do not find it. From some of the Usenet
posts, neither do Norton or McAfee (but Norton is supposed to have a
program to do it if you are their customer and can download it).
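
Added example, not part of the original post: a read-only PowerShell check for the traits described above (a logon autostart that points at a hidden or .scr file, and registry editing being blocked). It assumes the autostart sits in a Run or RunOnce key and that regedit was blocked through the DisableRegistryTools policy value; the post names neither.

```powershell
# Added example: read-only triage, changes nothing on the system.
# Assumptions (the post does not name them): the autostart is in a Run/RunOnce
# key, and regedit is blocked via the DisableRegistryTools policy value.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

$findings = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        # Extract the program path: quoted form first, else up to a known extension.
        if ($command -match '^\s*"([^"]+)"' -or
            $command -match '^\s*(.+?\.(?:exe|scr|com|pif|bat|cmd))(?:\s|$)') {
            $path = [Environment]::ExpandEnvironmentVariables($Matches[1])
        } else { continue }

        $reasons = @()
        if ($path -match '\.scr$') { $reasons += '.scr file started at logon' }
        # -Force is required, otherwise hidden files are not returned at all.
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($file -and ($file.Attributes -band [IO.FileAttributes]::Hidden)) {
            $reasons += 'target file is hidden'
        }
        if ($reasons) {
            [pscustomobject]@{ Key = $key; Name = $name; Detail = $path
                               Why = $reasons -join '; ' }
        }
    }
})

# Policy value that makes regedit refuse to start when set to a non-zero value.
$policyKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
              'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$findings += @(foreach ($key in $policyKeys) {
    $p = Get-ItemProperty -Path $key -Name DisableRegistryTools -ErrorAction SilentlyContinue
    if ($p -and $p.DisableRegistryTools) {
        [pscustomobject]@{ Key = $key; Name = 'DisableRegistryTools'
                           Detail = $p.DisableRegistryTools; Why = 'registry editing is blocked' }
    }
})

$findings | Format-List
```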

