I dunno how the hell it happened but I am!
firefox.exe always running 24/7 even after reboot! We can see the 'real' version as I have Firefox open and its using correct memory resources.
If I delete the file from Task Manager it returns instantly. This is effecting NET applications like online gaming/MSN/Skype etc where they have slowed to a crawl.
NOD refuses to recognise it as does Spysweeper, Spywareblaster and Adaware. Tried a couple of online virus checkers and they don't recognise either!!
Done a search on Google and this may be the 'Poison Ivy' virus?? I see no way of removing it as I really don't know what this 'firefox.exe's' real properties are??
Reinstall is looming guyz!!
Quote
While there are other similar Remote-Admin apps used by trojan-makers, Poison Ivy quickly became popular for a number of reasons - it was new, it could be deployed without arousing much suspicion, it injected itself into the Default Browser process, and it had an attractive range of monitoring & set-up features. One such feature was the apparently unique 'Persistence' option - if enabled, the server file located on the infected system will restart itself even when the process is manually killed by the user - which means more 'up time' for the hacker - no waiting for the infected user to reboot their system or manually restart an affected application. Another handy feature is the 'Melt' function - which deletes the original infected file upon first run, so that a user cannot inspect it or uploaded to an anti-virus company's database.
This may explain why most of the popular spyware & antivirus utilities - and even the usual rootkit detectors - fail to detect anything malicious on affected systems.
Edited by scaramonga, 31 December 2006 - 08:27 AM.