Hi, I've been a tech for 20 years but I've never seen any sort of malware like this and I was wondering if anyone has heard of it or has any experience...
In Windows 7, the exploit appears to be a trojan that literally uninstalls and replaces all program files, services, registry etc. After gutting the system, it replaces the files with an entirely new OS that operates as a remotely controlled 'Virtual server' using a modified version of "Windows Virtual PC" system that apparently sends spam and logs all personal information. Many of these replacement files come from a website called: www.w3.org
The virtual OS environment is very complete and detailed. I was fooled for quite a while until I realized that even my Google Chrome browser was 'sandboxed'.
Since "Windows" isn't "Windows" anymore, there's no way to run a software tool to remove an infection; the whole OS IS the infection.
I made the mistake of copying this thing using a file manager booted up using Hirens. I transferred the copy to a clean offline old XP machine that I use for analysis and it must have had some sort of 'auto-run' feature that stays active because it re-configured that machine in under 5 minutes. It even created an odd hidden FAT partition to store its core files.
I can't run conventional tools on this thing because it's 'virtual' and it basically decides what it wants to run and unless I boot from a bootdisk I have yet to understand how to shut down the virtual layer.
I've never seen anything this involved before and I haven't been able to find anything on the net about it. Any ideas?
Thanks LB