Guess its so new kapersky didnt squash it.
Still, the bugger cant hide.
I got this from an ad banner (which I didnt click.. apparently it loads with the banner image on whatever website you happen to be on).
It starts in the system processes (cntr-alt-del , processes) under 'rundll32'
once it loads it becomes
awwhbbdtssd.exe
and it starts popping up messages above the clock with icons that look like the native windows antivirus system (yellow shield with !) telling you that WINDOWS has detected a trojan infection and to activate your AV.
No matter what you do, the system will refuse to load any programs.. not the antivirus, not the browser.. nothing. It will tell you the .exe file associated with the program is infected ... doing cntr-alt-del will briefly launch the task manager.. then it gets blocked saying tskmngr.exe is infected (lol!)
It does not load itself on windows safe mode...but avirus programs wont catch it there either.
Only way to block it is to stop the rundll file process as windows starts by doing cntr-alt-del while windows is just starting to load...
then you can use windows.
msconfig will show the awwhbbdtssd.exe as a startup program ... and thats where you'll find the folder its hiding in.
in my case it was hiding in 2 locations. on the desktop under:
kaka://c:\documents and settings\administrator\local setings\application data\asojkhanw\awwhbbdtssd.exe/netalert.htm
and of course,
c:\documents and settings\administrator\local setings\application data\asojkhanw\awwhbbdtssd.exe
killed the entire asojkhanw folder, cleaned all cookies, temp files, history, did an extra deep scan with 2 avirus programs I had..
rebooted one last time..
and its gone.
at least... its not blocking my pc no more nor popping up messages.
