Polymorphic spyware/scumware is annoying.
Each time I boot up my laptop a strange file (for which a search for its name returns no results on Google) is running in Task Manager, and its name changes with each bootup. I know it's the same file because I located the files in the c:\windows\temp directory, and all of them are there, with the same filesize, date modified and icon (adding insult to injury, that of a cute little dog). I've deleted them but are quite sure they'll reappear the next time I reboot, with a different file name of course.
Running Hijack This, Spybot - Search & Destroy, msconfig, services.msc and RootkitRevealer, I can't see anything suspicious. Maybe I need to go through services.msc again.
I might reformat, except that I just got my laptop back on wednesday, and setting everything up again is a pain. This is just like the last time I reformatted, and Vincent asked me to join Studio Traffic, which resulted in me getting hit by 20 spyware programs within a day of my reformat.
This is what happens when you unwisely run activate_crack.exe from an Astalavista site. Gah.
I just know some people's will respond with "just get a Mac", but this is like a small cut on your arm getting infected, and then being told to amputate the whole thing.
Addendum: I searched my computer for files with the same/similar file size/date modified, since I reasoned the polymorphic file had to be copied from a master exe...
... and found that OfcDog.exe in my Trend Micro OfficeScan directory had the same file size/date modified (down to the last second) and icon (the one of a dog). And other dlls in the directory had a similar date modified, so it was not a case of the spyware being smart enough to hide itself in the directory.
This is really odd. This is what happens when you use the Japanese Anti-Virus client which NUS installs for you.
Back to Grisoft's AVG free edition. I suspect it uses less resources too. But first I've to get around darling NUS's "we know better than you" policies (more on that in a future post): "Type the password to uninstall the OfficeScan client".
Maybe I should've formatted after all...
Addendum #2: Amazingly, the staff member who responded to my email gave me the password needed to uninstall Trend Micro. And they replied to my mail within an hour on a Sunday Afternoon too.
The staff at NUS Computer Centre's IT Care are fantastic!