Internet Virus Alert - "Spyfader" has been retooled

This topic is archived.
FreakinDJ Donating Member (1000+ posts) Sat Jan-23-10 02:42 PM
Original message
Internet Virus Alert - "Spyfader" has been retooled
This may not be news to some of you, but for those that don't already know, it will probably save some time and money.

I got hit with the "Spyfader" virus and there is No known cure, threat removal tool, or Antivirus software that can effectively block it. Seems it first came out of Russia in 2007, but now is resurfacing in 2010.

Tore right through my Norton 360, laughed at Spyhunter, Lavasoft Ad-ware, and Microsoft Firewall. Norton's Tech folk essentially said "Some Viruses are stronger than Anti-Virus Software" and then pitched their $140 per hr Tech assistance. McAfee isn't saying anything. AVG has proven ineffective. If you search Google for people complaining of the New Variant of this "Key-Logging Virus", chances are you won't find anyone that will come back and say "Hey - I found something that will get it out of your system".

Had a "Code-jock" over yesterday looking at it (at least he tried with several programs to look at it). He claimed to me he had never seen anything embedded so well and so deep into Windows, IExplorer, and Adobe that you could not track it in Real Time. In fact we could only see the processes and threads activated by the virus after the virus had them up and running.

I was instructed to immediately unplug the internet, format C:/ and reload Windows.

That was after I had tried to run Norton (blocked from opening), McAfee (could not load definitions), AVG (could not fully open), Spyhunter (could not open), Ad-Ware (could not load definitions), even in Safe Mode.

If you, like me, have 1000s of hours of work stored on your computer, then I suggest you back up well and back up often. Personally I run mirrored drives just for data and leave my apps on the "Main Drive".

Just a "Heads Up"

AllyCat Donating Member (1000+ posts) Sat Jan-23-10 02:48 PM
Response to Original message
1. Thank you! I have not been hit with this one, but was hit with SHeur trojan
3 weeks ago. While I have restored Windows, we still can't get on the internet after I tried to load a new firewall. I've spent $200 on a geek and used 3 different online helpers. Not one of them has been able to reconnect us. I'm afraid to back up now since I might back up the virus.

FreakinDJ Donating Member (1000+ posts) Sat Jan-23-10 02:53 PM
Response to Reply #1
5. I backed up the Mirrored Drives on Disk - then unplugged them
Once C:/ was formatted and reloaded with Windows and Norton I scanned the CDs (inactive files) for signs of the virus, and then again with Anti-virus software.

So far so good

hobbit709 Donating Member (1000+ posts) Sat Jan-23-10 02:58 PM
Response to Reply #5
8. Norton is worthless
Just about every infected computer I've worked on had Norton on it.

There are plenty of better alternatives to Norton. AVG, Avast, Avira.

Install Malwarebytes Antimalware.

I haven't seen one yet that I couldn't root out in Safe Mode. There's no such thing as an undetectable and unremovable virus.

FreakinDJ Donating Member (1000+ posts) Sat Jan-23-10 04:03 PM
Response to Reply #8
18. It ate Malwarebytes for lunch - ya I tried that too
At some point I had to say the Data stored on the Mirrored Drives was more valuable than screwing around with this thing.

Several 1000 hours of my modeling work in MasterCam, my wife's Architectural homework in AutoCAD and ArchiCAD, and 90 or so years' worth of Family photos digitally enhanced.

fascisthunter Donating Member (1000+ posts) Sat Jan-23-10 02:49 PM
Response to Original message
2. I'm so Sick of the Vulnerabilities
especially because I have to use Windows at work. The amount of time and money spent to secure this piece of shit operating system is NOT worth it.

havocmom Donating Member (1000+ posts) Sat Jan-23-10 02:51 PM
Response to Original message
3. While I don't do any major important work on computers, I would miss a lot of files if lost
Have several 'throw away' email accounts for the express purpose of housing files off my computer. I email stuff I do not want to lose to those accounts, depending on topic (different accounts serve as a file system). I know they are not completely safe, and I know my special program files are not gonna be saved that way, but it is a help for important correspondence and such, along with Word, Excel projects I want to keep, even pictures.

That and external hard drive for saving whole programs and associated work on them. Use portables that I only plug into the machines to copy stuff to save, or restore if need comes up.

Thanks for heads up on this bug. In process of changing virus, malware, firewall protection on machines at work. Going with what the bank has been using for a couple years. Don't know if it will catch this bug, but it already caught some stuff AVG missed.

Edweird Donating Member (1000+ posts) Sat Jan-23-10 02:52 PM
Response to Original message
4. I suggest "process guard".

FreakinDJ Donating Member (1000+ posts) Sat Jan-23-10 02:56 PM
Response to Reply #4
6. NOPE - I suspect this was written by or sanctioned by Microsoft
It was just Too Good at running "Hidden Processes" and ALL Microsoft Certified Anti-Virus Software simply wouldn't touch it

Sorry - I vote Tin Foil on this 1

Edweird Donating Member (1000+ posts) Sat Jan-23-10 03:00 PM
Response to Reply #6
9. "Microsoft certified"? Process guard isn't 'anti virus'. It's deep level process CONTROL.
Also, don't surf in an Admin account. Use limited accounts - that stops most of them right there.

FreakinDJ Donating Member (1000+ posts) Sat Jan-23-10 03:22 PM
Response to Reply #9
10. Process Guard ? - I don't follow
I don't think that "spyfader" is a Windows Sys file

There was some questioning that on the internet thinking folks had read it wrong and indeed it was sysfader.exe

It uses/infects csrss.exe, dwwin.exe, adobemedia.exe and Iexplorer.exe that I know of AND when you try to run Norton you see spyfader pop up for just a second or two as it immediately defeated Norton but that is again not the extent of the virus

We had 15 - 20% CPU usage with no known files running, only hidden processes which were the virus reloading and re-executing. At that point we knew we were going to have to reload windows so we deleted a few of the files trying to determine which were the guilty infected files. And this thing kept coming back to life

Edweird Donating Member (1000+ posts) Sat Jan-23-10 03:33 PM
Response to Reply #10
11. Ok. Process guard locks down ALL processes. Including, but not limited to,
Edited on Sat Jan-23-10 03:35 PM by Edweird
Windows system processes. The registered version also automatically blocks new and changed processes - for instance a 'new' (infected) csrss.exe or wmi...

Think 'task manager' but with the ability to limit and or block processes.

http://download.cnet.com/ProcessGuard/3000-2239_4-10333974.html

The link is from CNet. (Remember the 'computer shopper'? Those guys.)

CatholicEdHead Donating Member (1000+ posts) Sat Jan-23-10 02:56 PM
Response to Original message
7. Did you try pulling the HD
then attach it as a secondary HD on another computer (internal or USB), scan and clean it and then see if it can be removed?

Kalyke Donating Member (1000+ posts) Sat Jan-23-10 03:35 PM
Response to Original message
12. Apparently, Kaspersky catches and quarantines it.
And, it's not a system hog like Norton or McAfee.

rd_kent Donating Member (1000+ posts) Sat Jan-23-10 03:35 PM
Response to Original message
13. Get a Mac!
:hide:

shireen Donating Member (1000+ posts) Sat Jan-23-10 03:38 PM
Response to Reply #13
15. +1
:hide:

jimlup Donating Member (1000+ posts) Sat Jan-23-10 04:20 PM
Response to Reply #13
19. my thoughts exactly

FreakinDJ Donating Member (1000+ posts) Sat Jan-23-10 04:20 PM
Response to Reply #13
20. Can't run Mastercam on a Mac
don't know why - but that's the way it is

nini Donating Member (1000+ posts) Sat Jan-23-10 07:50 PM
Response to Reply #13
27. Didn't Apple just announce they fixed a bunch of vulnerabilities?
Think they're bullet proof at your own risk.

rd_kent Donating Member (1000+ posts) Sun Jan-24-10 09:54 AM
Response to Reply #27
28. Not sure. I did not hear about that nor have I seen an update or patch.
But I will look into it.

superduperfarleft Donating Member (1000+ posts) Sun Jan-24-10 10:45 AM
Response to Reply #13
30. Played any good games lately? n/t

Greyhound Donating Member (1000+ posts) Sat Jan-23-10 03:38 PM
Response to Original message
14. "...and then pitched their $140 per hr Tech assistance".
Sums up their commitment to "safe computing".

Or, we could just use a secure OS and not have to worry.

Ex Lurker Donating Member (1000+ posts) Sat Jan-23-10 03:48 PM
Response to Original message
16. My ubuntu machine laughs at spyfader n/t

1 Donating Member (1000+ posts) Sat Jan-23-10 03:54 PM
Response to Original message
17. how do i know if i have spyfader? is there something i can look for?

FreakinDJ Donating Member (1000+ posts) Sat Jan-23-10 04:21 PM
Response to Reply #17
21. Slow internet speeds, can't open apps, antivirus won't open

Maru Kitteh Donating Member (1000+ posts) Sat Jan-23-10 04:22 PM
Response to Original message
22. I'm sure my mother in law will find it

Jumping John Donating Member (597 posts) Sat Jan-23-10 04:48 PM
Response to Original message
23. Spyfader may not be a virus but pertains to nvidia process - look what I found - below -
Windows errors related to sysfader.exe?

sysfader.exe is a process belonging to the NVidia Graphics device range and is bundled alongside these products. This is a non-critical system process although it should not be terminated unless suspected of causing problems. We strongly recommend that you run a FREE registry scan to identify sysfader.exe related errors.

http://www.liutilities.com/products/wintaskspro/processlibrary/sysfader/

~~~~~~~~~~~~~~

http://www.wilderssecurity.com/showthread.php?t=24363

~~~~~~~~~~~~~~

Hope this helps

FreakinDJ Donating Member (1000+ posts) Sat Jan-23-10 07:24 PM
Response to Reply #23
24. That is "sysfader" not spyfader
Yep we had to look several times to be sure what it was, as did others, but it was clearly "Spyfader" rather than "sysfader", which is a valid file type.

Norton's free scan service on their website claimed I had "Haxdoor" virus but when I searched out the registry values typical of the virus they just weren't there. So that also was ruled out.

We were pretty sure it was some form of Spyfader which is a "Keylogger" with a back door and a reporting mech.

Jumping John Donating Member (597 posts) Sat Jan-23-10 07:47 PM
Response to Reply #24
26. OOOPs Sorry
Edited on Sat Jan-23-10 07:50 PM by Jumping John

Forkboy Donating Member (1000+ posts) Sat Jan-23-10 07:31 PM
Response to Original message
25. I can recover from any loss of info except losing my music.
Edited on Sat Jan-23-10 07:33 PM by Forkboy
That would be devastating. I'd like to say I'm joking but I'm not. It's my life's blood. :)

My friend and I were just talking about buying extra external hard drives exclusively for backing up stuff, then just storing the hard drive. I already use an external for my music, but why not get another and fill it and put it away? I have piles of CDs all over the place...it would be nice to put them all away. The price is to the point where it's worthwhile for audiophiles. Sounds like a good idea more and more.

superduperfarleft Donating Member (1000+ posts) Sun Jan-24-10 10:44 AM
Response to Reply #25
29. I ripped all my CDs years ago and sold them.
I have one external drive that I actively use for listening to music, and one more external drive that I back up to weekly. It helps when you move a lot; you aren't having to lug thousands of CDs around.

And I hear you, if something catastrophic happened and both drives simultaneously crashed, I might consider hanging myself as a viable option.