As I was doing a basic search on the latest filenames associated with an updated "old" virus, this post came up as 1 of 2 web pages found. I just spent a pain in the rear 15 min to get on to reply, as this is fairly important. Yes, it's a virus....but it's probably an updated form of "Virut" - one of the Russian "gangsta" attempts at ripping off primarily American consumers or related users that visit sites that show up in English Google search results. Nice huh...
I am still in my initial phases of "taking apart" a customer's files as this can easily turn into a nasty problem, and easily spread or allow a backdoor into your servers and/or workstations. It infects almost everything - system files, etc. - exe, htm, scr, html, xml, zip, etc.....and since it infects many Windows system files, trying to save your PC load is not a great option as it has a more than 50% failure rate in the end anyway - you can't delete all infected files (unless you are of course wiping the drive to start "fresh"). The AV you use must clean them, without damaging them...which rarely occurs with this virus. And they appear to have improved it some - I give them a little cred for writing it a little better - it now acts like a polymorph, infects asp, is a persistent "little ."
AND NOTE THIS - it will immediately open a backdoor via IRC bot like the original, but it may have a new method - I am currently monitoring a new unusual traffic attempt...not done yet putting everything together. But the point is - it's trying to link up, download new instructions or allow a remote user to do as they will with your machine and its world behind your router/firewall.
The giveaways - ptrf.exe; cpjopaid.exe; wcfgayg.exe; a few others.
Just don't use it.
It's a late night, I'm trying to track down the suspect remote address for this latest version, and the website that passed it - it also changes your default browser from IE - to what - ?? - as there is no other browser on the PC. And if it finds those files during its initial search of its new home (your PC), it acts as soon as it finds any web pages - client or server. Until you're ready, leave your PC off, as it will continually infect - and soon the few personal files you can save will also be turned. I will hopefully have a useful recommendation to save it all, or at least maximize the user file saves. I am planning on a Tues AM delivery, or sooner, for my team to start a review.
Have to go....
removed email address to avoid spambots.
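The post above names three dropper filenames as giveaways and lists the file types the infector rewrites. Below is an added, read-only triage script (my own example, not the poster's tooling) that walks a directory tree, flags any file whose name matches those three names, inventories files of the targeted types so you can size the cleanup job, and records a SHA-256 for each flagged file so it can be sent to your AV vendor for a proper signature. It never deletes or modifies anything; the sample tree it builds is constructed for the demo and contains placeholder bytes, not real malware.

```python
"""Read-only triage scan for the indicators named in the post above.

Added example, not the poster's own tooling. Walks a directory tree,
flags files whose names match the dropper names the post lists
(ptrf.exe, cpjopaid.exe, wcfgayg.exe), counts files of the types the
post says the infector targets, and records a SHA-256 for every flagged
file so it can be submitted to an AV vendor. Nothing is changed on disk.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# Dropper filenames quoted in the post (compared case-insensitively).
DROPPER_NAMES = {"ptrf.exe", "cpjopaid.exe", "wcfgayg.exe"}

# File types the post says the infector modifies.
TARGET_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".asp", ".xml", ".zip"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(root) -> dict:
    """Return {'droppers': [(relative_path, sha256), ...],
               'targets_by_ext': {ext: count}} for the tree under root."""
    root = Path(root)
    droppers = []
    targets = {ext: 0 for ext in TARGET_EXTENSIONS}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if name.lower() in DROPPER_NAMES:
                droppers.append((p.relative_to(root).as_posix(), sha256_of(p)))
            ext = p.suffix.lower()
            if ext in targets:
                targets[ext] += 1
    droppers.sort()
    return {"droppers": droppers, "targets_by_ext": targets}


def build_sample_tree() -> str:
    """Constructed sample tree (placeholder bytes, not real malware): two of
    the named droppers plus a few benign files of the targeted types."""
    d = tempfile.mkdtemp(prefix="virut_triage_")
    files = {
        "Windows/System32/PTRF.EXE": b"MZ placeholder - constructed, not a real binary",
        "Temp/wcfgayg.exe": b"MZ placeholder - constructed",
        "site/index.html": b"<html><body>hello</body></html>",
        "site/about.htm": b"<html></html>",
        "site/feed.xml": b"<rss/>",
        "docs/notes.txt": b"not a target type",
    }
    for rel, data in files.items():
        p = Path(d) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return d


if __name__ == "__main__":
    report = triage(build_sample_tree())
    for path, digest in report["droppers"]:
        print(f"DROPPER  {path}  sha256={digest}")
    for ext, n in sorted(report["targets_by_ext"].items()):
        print(f"{ext:6} {n} file(s) of a targeted type")
```

Run it against a mounted copy of the suspect drive (offline, from a clean machine) rather than on the infected PC itself; the filename match is only a first-pass indicator, and the hashes are what you hand to the AV vendor so the cleaner can deal with the infected host files the post says you cannot simply delete.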