CastleCops, Internet Crime Fighters

Desperately need help, exhausted.

 
KYKYLLIKA
Cadet
Joined: Jun 28, 2004
Posts: 7
Location: Canada

Posted: Sat Sep 04, 2004 2:35 am    Post subject: Desperately need help, exhausted.

For about 20 hours now I have been constantly running different antivirus kits to get rid of one very strange virus... see for yourself.

The HijackThis log doesn't display anything I didn't add to the registry myself, or that I have no clue about. Ad-Aware doesn't find anything except "...blah, blah.../startingpage: about:blank", which I put in there myself too. And it continues like that until I run AVG; this one finds only one file: " .exe". I don't know about the number of spaces, I can't identify it well. The real problem is that AVG doesn't delete the file, it just "removes the virus by healing", and then it pops up once again at the next scan. A strange thing is that this file is not listed in the search even if I just type "*.exe" or ".exe" (which is supposed to be the same, but still...). It's not among those 2691 applications I have, it's just not there. It doesn't have any side effects, it doesn't pop messages up, change the starting page, or cause pop-ups, and it doesn't even use the network (or I don't know about it?). It's just there and at the same time it's not there.

So I'm sitting here, all feeling dumb and having no clue about what the heck it is.

Does anyone know anything about this one?


_________________
... For no creatures under God are as we are, yet none as much as Him as ourselves.
Donna
Colonel, Premium Member
Joined: Apr 12, 2004
Posts: 2508
Location: Macau

Posted: Sat Sep 04, 2004 9:20 am

Hi KYKYLLIKA,

What is your operating system? If you are using Windows ME or XP, first try to disable System Restore and empty your temporary internet files. Reboot the system and see if AVG will alert you again.

Have you tried to run an online virus scan?
Try housecall - http://housecall.antivirus.com/housecall/start_corp.asp


_________________
It is common sense to take a method and try it; if it fails, admit it frankly and try another. But above all, try something. --Franklin D. Roosevelt
KYKYLLIKA

Posted: Sat Sep 04, 2004 6:14 pm

Thank you, I will see what comes up. I'm using Win2k, and I have a router with an extra security system that mirrors WAN requests so that the network can't be identified from outside sources (maybe that's why the "virus" is not active...), which is particularly strange, because it disables most online interaction originating from outside the network...

<edited a few hours later>
The online scan has found five files (not counting the virus verifiers of Ad-Aware).
Those are:
systemie.dat
systemie.exe
and systemie.dll
from winnt\system32\

and also nntcl.exe from c:\

What should I do with those?

The file " .exe" has mystically disappeared from wherever it was, and it's no longer detected; however, no new or modified files were found either.


Donna

Posted: Sun Sep 05, 2004 3:34 am

Hi again,

Housecall should be able to disinfect your system and let you know the name of the virus in a pop-up window (did you note the name of the virus, not only the filenames?), along with options for automatic cleaning or deletion of the file (did you allow it to clean or delete the infected files? You should). If you did, I suggest that you confirm your work by running another Housecall scan.

Make sure you note again what it finds (virus name and filenames) if it finds any again, then use the Windows search/find utility to locate them, then delete any instances (be careful with filenames when deleting).

Also, try to check your running processes for strange or suspicious applications/processes. End their tasks before running a scan so Housecall can eliminate them properly.


KYKYLLIKA

Posted: Sun Sep 05, 2004 5:19 am

Oh yeah, I'm so stupid.
First, I still have the window of the scan opened, so I can easily access any information the scan gives me;
Second, I have found a page about this virus.
And third, yes, it doesn't really replicate itself, it replicates the process it is, so it's pretty vulnerable actually. Now I'm just going to delete all those files and clean the registry up at the same time, which (if done simultaneously) will ensure the proper heal of the trojan.

Oh, yeah, and the name of this trojan is SISIE.A


Donna

Posted: Sun Sep 05, 2004 6:19 am

Thanks for the link of the detected trojan in your system by Housecall. I guess you can take care of its registry entry now by deleting the subkey HKEY_CLASSES_ROOT\CLSID\{B6E97B50-6B39-4BC4-8CB7-555F970A5BEA}

It noted there that deleting should be done in safe mode, which is good, so any running process that was dropped by the trojan will not run (hopefully).

Good luck! If you need additional help, let us know.


KYKYLLIKA

Posted: Sun Sep 05, 2004 3:51 pm

Well, everything seems to be clean now. I think it was just a new variation of that old virus, which ran an unidentifiable executor to install and encrypt it into the system. It's also strange that I have no registry entries that shouldn't be there whatsoever (I read a few pages of the registry around the {B6E...} area just now and didn't notice anything strange or unusual at all; the desired registry entry wasn't there either, maybe it's because of the security settings I put onto my machine...). So far nothing pops up. Thank you for the help, this online virus check site was something I needed.
The computer seems to be intact.


Donna

Posted: Sun Sep 05, 2004 4:16 pm

You're welcome! Great to know that the system seems OK now.

Will now close this topic. If you want to re-open it, please PM a moderator or AVG host.
