Hi Essexboy,
I'm another victim of this bugger, and I downloaded KittyFix.exe and double clicked it.
I hope this was correct, though the hint "IMPORTANT !!! Save ComboFix.exe to your Desktop" didn't mention KittyFix.
Before starting KittyFix, I had earlier stopped the malware program by starting Windows in secured mode, removing siszyd32.exe from the Autostart folder, and creating a read-only text file with that name there. The CPU usage was low again, but the internet connection remained very slow.
KittyFix downloaded and installed the Microsoft Windows Recovery Console, and started scanning for malware (BTW, all messages were in German; KittyFix detected the PC's language).
After reporting the deletion of avdrn.dat and kWab.dll, a message appeared in the same window saying (I'm translating from German) "Preparing log file. Don't start other programs, before ComboFix is ended".
All other windows disappeared, and the mouse was frozen.
I left this unchanged for more than 9 hours, but nothing happened; the same message was there.
Then I switched the power off.
If I double click KittyFix.exe again, the whole machine now freezes immediately, and I again have to switch the power off!
Maybe not everything was cleansed, because the internet connection is still quite slow (though better than before). The old 56Kbs modem I'm using now still shows a sent-received data ratio of about 1:2, even when I'm only downloading such huge programs. Maybe my PC is still sending a lot of data to the author of this malware?!
According to http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentlvn.html, "Troj/Agent-LVN includes functionality to access the internet and communicate with a remote server via HTTP".
Maybe this functionality is still doing something there.
Though, I can now make the text file mentioned above rewritable, and after restarting the machine it's still there; the malware doesn't re-install itself there anymore. This is an improvement.
Unfortunately, I can't attach the file C:\KittyFix\ComboFix.txt, since it was deleted when trying to start KittyFix the second time, but it was quite small; apart from the two files mentioned, it didn't mention other deletions.
Though, please find attached a file named cmdcons+Qoobox.txt, where I listed the files detected/duplicated by KittyFix in the first call.
What do you recommend, should I try something else yet?
I wonder why allegedly most of the virus protection programs are not even able to detect this trojan horse.
Thanx, Fortius