Tweet
Ok a bunch of us seemed to have been infected by that russian website from the "Big Hole" thread in pics/vids. The virus is win32/clspring.fa not a real dangerous infection but a pain in the ass to remove. After initially scanning the pc it removed 2 files as being the virus, spybot found a few entries as did adaware. i manually browsed through the registry removing added garbage from hklm>sw and hkc>sw thought i had it beat, booted up today and started getting more command prompt scripts running from %userprofile%\local settings\temp. scanned those files with antivirus and spyware but were not detected! ended up running filemon from sysinternals and found 2 running processes that seemed a little odd, c:\program files\common files\{24-8e5529-0257-1033-1029-040408190001}\ update.exe and services.dll these seemed to be what was propegating the scripts. i also went back and removed any references to that dir from the registry. if you are still fighting this little bastard take a look for what i listed and let me know if you find anything different...
-philip
-philip
Maybe our virus software doesn't completely suck after all.
wich was on Monday and its GONZO now.
TCS Auto-X Driver
Comment