This is a virtualized malware infection!! This must be at the top of the list of difficult-to-clean infections.
Maybe a Trojan downloader. Attaches to partitions and attached drives. May have stealth or defenses. Cripples KAV 7.0. Affects web connections to anti-spyware and similar sites.
Does not like Returnil with Vista; it crashes my computer, and the only fix is to reinstall the OS.
Sorry I can't be more specific; I have wiped the original install that the infector came from. Too scared to plug in the USB flash drive unless I plan to wipe.
I have plugged it in to reinfect myself. I know.
and pinfect.zip.
Upon load it takes a snapshot of everywhere. **[Update: it is doing this to virtualize the computer for self-preservation.]** So I guess it is determining a course of action by gathering information. A report is probably sent to someone; then Pinfect.zip appears later. It's not a virus, it's some type of RAT. The root never seems to leave, which means it probably is on a device or peripheral device. That explains why crashes occur with Returnil, because they are inside already. With virtualization they can't update their root with more tools. Eventually they will get to a point where they will install a frag router if I compensate for the infection. I currently cannot access online security scanners (Trend, Panda...); this is occurring from the root portion, which means they are using Java in some way to manage my computer. My ability to help myself is injured.
I feel there is a Part A and a Part B: A being a rootkit that is independent of the infection, B being the Trojan downloader.
The rootkit is interfering with the function of the security tools, like AVZ, GMER, RKR, RKHookAnalyzer, Raide, VICE, HJT, and online scans such as Trend, Panda and the like. That explains why crashes occur with Returnil, because they are inside already. With virtualization they can't update their root with more tools.
The reason I know what the Trojan does is that I have plugged the flash drive in while running Process Monitor to determine what occurs. It checks everywhere, systematically.
This is where HJT is storing the HijackThis log:
C:\Users\N00dleIT\AppData\Local\VirtualStore\Program Files\Hijackdis\hijackthis.log
Too long to be the HJT folder.
These scans (below) will not show anything in a virtualized malware infection!!!
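An added example, not the poster's code or conclusion: the log path quoted above sits under %LOCALAPPDATA%\VirtualStore, which is where Windows Vista's UAC file virtualization places writes that a non-elevated legacy program attempts under Program Files, Windows or ProgramData. The script below maps such a path back to the protected location it shadows, so the VirtualStore copy and the real one can be compared. The first sample path is the poster's; the other two are constructed for illustration.

```python
r"""Map UAC VirtualStore paths back to the protected location an application
tried to write. Added example, not code from the original post.

On Vista and later, a non-elevated legacy program that writes under
C:\Program Files, C:\Windows or C:\ProgramData has the write redirected to
%LOCALAPPDATA%\VirtualStore\<same relative path>. Mapping a VirtualStore
entry back to its origin tells you which protected path the program tried to
write, which is what you need in order to diff the two copies.
"""
from pathlib import PureWindowsPath
from typing import Dict, Iterable, Optional

# Constructed sample. The first entry is the HijackThis log path from the post;
# the other two are invented (assumption) to show the general mapping.
SAMPLE_PATHS = [
    r"C:\Users\N00dleIT\AppData\Local\VirtualStore\Program Files\Hijackdis\hijackthis.log",
    r"C:\Users\N00dleIT\AppData\Local\VirtualStore\Windows\example.ini",
    r"C:\Users\N00dleIT\Documents\notes.txt",  # not under VirtualStore
]


def virtualstore_origin(path: str) -> Optional[str]:
    """Return the protected path a VirtualStore entry stands in for, or None
    if the path is not a VirtualStore redirect."""
    p = PureWindowsPath(path)
    parts = p.parts
    for i, part in enumerate(parts):
        if part.lower() == "virtualstore":
            rest = parts[i + 1:]
            if not rest or not p.drive:
                return None
            # VirtualStore mirrors the drive root, so
            # ...\VirtualStore\Program Files\x stands in for C:\Program Files\x
            return str(PureWindowsPath(p.drive + "\\", *rest))
    return None


def map_redirects(paths: Iterable[str]) -> Dict[str, str]:
    """Map every VirtualStore path in `paths` to the location it shadows;
    paths that are not VirtualStore redirects are dropped."""
    result: Dict[str, str] = {}
    for path in paths:
        origin = virtualstore_origin(path)
        if origin is not None:
            result[path] = origin
    return result


if __name__ == "__main__":
    # On a live Vista/7 box you would feed this something like
    #   (str(p) for p in Path(os.environ["LOCALAPPDATA"], "VirtualStore").rglob("*")
    #    if p.is_file())
    # and then compare each pair of files (size, hash, timestamps).
    for shadow, origin in map_redirects(SAMPLE_PATHS).items():
        print(f"{shadow}\n  -> shadows {origin}")
```

Paths are handled with PureWindowsPath so the mapping can be run on any OS against a list of paths exported from the affected machine; only the `rglob` suggestion in the comment needs to run on Windows itself.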