This past week has been a painful and humbling experience, and rather than get into a long-winded "me too" story, I'll sum up by saying all that you've said is spot on, and I'm still surprised there isn't more talk on the net about this vile threat. I thought my brother was losing it, as I walked him through numerous ways to deal with trojans/viruses to remove them, and no dice. Not believing he was doing it right, I had him bring his infected drive over, to put on my "test" machine, one that I routinely thrash with programming projects and can wipe and restore rather easily, to see what I could do to cure his ills. While I was trying all the previously listed remedy attempts with zero success, he asked if it was okay to get on my other machine to read his e-mail. I made sure he had a limited account (completely restricted account under Win2kPro), AV was on and at the highest levels, all the latest updates for virus and system security, behind firewall/router up, and told him okay. I didn't know how he got this virus (either from cracked software, e-mail or script/security backdoor), but saw zero danger in reading e-mail. Toyed with rebooting into the MEPIS partition and giving him even more restricted access, but know now this probably wouldn't have helped.

After a few minutes, he said "oh f!%!#%" and yelled for me to come over and showed me a link he was told to go to, that was "spoofed". He was going through his Yahoo e-mail through IE, downloaded a voicemail attachment (could have killed him when he said that) from a trusted vendor that he was expecting (J2 messenger) and then was told to go download a reader for it at some address. Too late, after downloading the infected file, he got paranoid and noticed the website link was a spoof to some other site. Going off what I knew then about infections, I immediately killed all activity, booted into "safe" mode, and started running a full virus scan with Norton's.

As the scan ran, my seemingly overly paranoid brother of just a few minutes ago noted that "it's doing the same thing that my machine did" as the scanner started not going through all files and subdirectories systematically, but jumping from key directory to key directory of either useful information (mail, documents, etc.) or common tools or useful utility directories (scanners, system tools, system directories, etc.) and either mining or infecting as it went. Now, as scared and as paranoid as I used to think my brother was, I quickly killed this, and attempted to boot "safely" from CD to get a clean scan.