I got it yesterday! (I'm in Australia) Using Windows 7 (7000) beta and Firefox. Believe it came through Firefox on a click to redirect web page. Went straight to IE 8 beta that I don't use because IE came up to configure it! So, I may not have used IE 8 before.
**** It is Advast! antivirus that I'm using on Win 7 that picked it up - just comes up a couple of times to abort connection then no more. does not stop connection but says it will terminate DOWNLOAD. Yes, I know I'm on Advast! forum, but you may have thought I was using another AV as I Googled to find this... did not come here direct.. was looking for cures, same as org. poster.
Lost my Vodafone Mobile Connect and ati Catalyst control panel (beta for Windows 7). Luckily, Windows 7 has Network and Sharing Center, so still able to connect to Net on wireless 3G.
I blocked the URL 8800.org thingy in Internet Explorer 8, but has no effect.
*Fortunately, as using Windows 7 (7000) beta, only a month till RC on 10th April, so everything gets wiped then... And can use Vista PC if necessary.
Found this below ............. Chinese but used Google translate.
How to get rid of CHINAPPI.EXE
Author:CHINAPPI.EXE Hits: Author: CHINAPPI.EXE Hits: 13 UpdateTime:2009-3-2 17:04:00 UpdateTime :2009-3-2 17:04:00
How to remvoe CHINAPPI.EXE How to remvoe CHINAPPI.EXE
Description of CHINAPPI.EXE : Description of CHINAPPI.EXE:
Same kind threat(Some information from Virus Total and Virscan):The threat same as the virus:Cloaked MalwareFile BehaviorCHINAPPI.EXE was detected the following harmful actions: Adds products to the system registryThis process creates other processes on diskCreates a new Background Service on the machineCHINAPPI.EXE harmful action: Created as a process on diskDeleted as a process from diskExecuted as a ProcessDownloaded from covert web sites without the user knowingThis program is often downloaded from the web The threat CHINAPPI.EXE detected Feb 23 2009 of Virus Alert online:SPAIN on Feb 23 2009NORWAY on Feb 23 2009 CHINAPPI.EXE same kind threat: 53271861.DAT03702669.EXEATLSYSTEM7236.EXEFORX719764.EXEFORX740914.EXEKOPI AV FORX38988.EXEW0W.EXEFORX152203.EXEFORX107665.EXEFORX442783.EXEFORX186558.EXECHINAPPI[n].EXE Threat file size 103,424 bytes 115,200 bytes 97,792 bytes Same kind threat (Some information from Virus Total and Virscan): The threat same as the virus: Cloaked MalwareFile BehaviorCHINAPPI.EXE was detected the following harmful actions: Adds products to the system registryThis process creates other processes on diskCreates a new Background Service on the machineCHINAPPI.EXE harmful action: Created as a process on diskDeleted as a process from diskExecuted as a ProcessDownloaded from covert web sites without the user knowingThis program is often downloaded from the web The threat CHINAPPI.EXE detected Feb 23 2009 of Virus Alert online: SPAIN on Feb 23 2009NORWAY on Feb 23 2009 CHINAPPI.EXE same kind threat: 53271861.DAT03702669.EXEATLSYSTEM7236.EXEFORX719764.EXEFORX740914.EXEKOPI AV FORX38988.EXEW0W.EXEFORX152203.EXEFORX107665.EXEFORX442783.EXEFORX186558.EXECHINAPPI [n]. EXE Threat file size 103424 bytes 115200 bytes 97792 bytes
CHINAPPI.EXE removal process CHINAPPI.EXE removal process
1. For remove CHINAPPI.EXE need temporarily disable System Restore and Reboot computer in SafeMode; 1. For remove CHINAPPI.EXE need temporarily disable System Restore and Reboot computer in SafeMode;
2. Locate CHINAPPI.EXE and Delete any values added to the registry related with CHINAPPI.EXE,then restart the computer; 2. Locate CHINAPPI.EXE and Delete any values added to the registry related with CHINAPPI.EXE, then restart the computer;
3.Delete CHINAPPI.EXE virus files or unlock CHINAPPI.EXE(download killbox to unlock CHINAPPI.EXE); 3.Delete CHINAPPI.EXE virus files or unlock CHINAPPI.EXE (download killbox to unlock CHINAPPI.EXE);
4.Delete IE temp files with CHINAPPI.EXE and run a whole scan with antivirus program ; 4.Delete IE temp files with CHINAPPI.EXE and run a whole scan with antivirus program;
Seek help in removing CHINAPPI.EXE? Post Hijack log on Free Virus Remove Help forum . Seek help in removing CHINAPPI.EXE? Post Hijack log on Free Virus Remove Help forum.
CHINAPPI.EXE Language: English CHINAPPI.EXE Language: English
Infected Platform: Windows 98, ME, NT, 2000, XP, Server 2003; Infected Platform: Windows 98, ME, NT, 2000, XP, Server 2003;
MD5 : yhh11857r849itkg11857jpriwc973re11857ir89gj11857; MD5: yhh11857r849itkg11857jpriwc973re11857ir89gj11857;
Update Time:2009-3-2 17:04:00; Update Time :2009-3-2 17:04:00;
Infected Times:11857 Infected Times: 11857 14
CHINAPPI.EXE File type: PE CHINAPPI.EXE File type: PE 15
http://72.14.203.132/translate_c?hl=en&sl=zh-TW&u=http://oral8.com.cn/VirusAlert/VirusAlert_11857.html&prev=/search%3Fq%3Dchinappi%2B2.exe%26hl%3Den%26sa%3DX&usg=ALkJrhgkLboNl7WFQg2Ew5z8sAnpYDnvGQ==========================================================================
***Just been running Malwarebytes while posting - put in results with edit. SUPERAntiSpyware will not install on Windows 7 beta, or the malware is effecting it - causes BLUE SCREEN OF DEATH!
Malwarebytes' Anti-Malware 1.34
Database version: 1813
Windows 6.1.7000
14/03/2009 3:23:50 AM
mbam-log-2009-03-14 (03-23-50).txt
Scan type: Full Scan (C:\|E:\|)
Objects scanned: 204622
Time elapsed: 47 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdss.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MCSHIELD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xcommsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xccinit (Spyware.OnlineGames) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\inf\xccefb090310.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\inf\rundll33.exe (Spyware.OnlineGames) -> Delete on reboot.
------------------------