Possible Duplicate:
What to do if my computer is infected by a virus or a malware?
Has anyone seen/or knows anything identical to this:
1515..:19699.exe with a semicolon in the center?
Whenever I launch an app that lists the currently running processes (e.g. SysInternals "Process Explorer" or Nirsoft "cprocess"), they are immediately terminated and access rights are changed from the default valid ones to something different (I verified this with cacls).
I can no longer access the file, unless I take ownership of it (with cacls or through the Windows dialog box). As you can see, it runs under the NT AUTHORITY\SYSTEM user.
I tried terminating this PID with pstools, namely psexec -s. That gives the running process NT AUTHORITY\SYSTEM rights but to no avail. It also modifies the .exes in such a way that an additional "MS-DOS" tab is added to the file properties.
