I hadn't gotten a virus in what must be a year. I hope this helps people who find the same problems. I was annoyed when I opened a file and got one of those fake "You're missing blah dll" messages. I quickly pressed ctrl+alt+delete and found that a new process called "IEXPLORE.EXE" had spawned in my processes.
IEXPLORE.EXE is the filename for Internet Explorer, but it has no business running when Internet Explorer is not open. Having the filename in ALL CAPS is another flag. So I press ctrl+F and search for "IEXPLORE.EXE". It finds it in C:\Windows\TWAIN_32. I delete it. I restart. IEXPLORE.EXE is running once again! Hrmmm. Ctrl+F search, delete from C:\windows\resources. Something is making it spawn. I have nothing on startup, not in the registry, and nothing new in services.
I search around the internet and apparently ldr64.dll is the culprit. I had noticed the winlogon.exe process was still running but I couldn't close it: "This is a critical system process". It usually closes after you log in and you don't see it in the process list. It turns out winlogon.exe is a very virus-friendly and protective program. Apparently ldr64.dll was using winlogon.exe to loop itself over and over again in the safety of being impossible to close. ldr64.dll had also made an entry somewhere in the registry. Search for it in regedit.
Use a delete-on-boot program, or use a boot disk and delete it in DOS.
del C:\windows\system32\ldr64.dll
So I deleted ldr64.dll... now what?
Winlogon.exe no longer lingers supporting the ldr64.dll virus loop, but IEXPLORE.EXE is back again, in a different windows subdirectory. What a pain in the arse this virus is. Something is spawning IEXPLORE.EXE and CLAMAV cannot detect it.
I uploaded the virus to the following site for scanning:
http://virusscan.jotti.org/
Luckily their server load was low since it was like 3 AM. After a lot of searching I didn't really narrow my results too much. The possibilities were:
All the automated removal tool downloads I tried didn't work.
I used one of the few antivirus programs that detected it. I hadn't tried Ikarus before and it had a simple free DOS scanner that's 11 MB. I ran it with this parameter:
pscan.exe C:\Windows
Update: yes, you need to go to Start > Run or hit Windows key+R, then type CMD and hit enter. You'll be in the command line.
Update2: If you don't know how to use DOS, please don't use the command line removal tool, and secondly, don't email me saying the little black screen disappeared when you opened it. If you have the same problem I do, follow the steps above, search for and delete directx.exe, and reinstall Microsoft's DirectX in case you deleted the real one (the virus should be less than a megabyte).
It did its job, though it took a while. It found C:/windows/system32/directx.exe was infected with the virus. I deleted the file, reinstalled DirectX in case it overwrote the real, original DirectX file, and voilà, no more IEXPLORE.EXE on startup. What a pain though. Who would go through all that trouble? I wonder how many people have this disgusting virus and don't even know it...
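The check done by eye above (a process named like Internet Explorer but running out of a Windows subdirectory) can be scripted. This PowerShell example is added here and is not part of the original post; the function name Find-MasqueradedProcess, the expected-directory table (which assumes Windows is installed on C:) and the sample process records are constructed for illustration.

```powershell
# Added example: flag processes that use a well-known Windows binary name
# but run from a directory where that binary does not belong.

# Expected install directories for the two names discussed in the post.
# Assumption: Windows is installed on C:.
$ExpectedDirs = @{
    'iexplore.exe' = @('C:\Program Files\Internet Explorer',
                       'C:\Program Files (x86)\Internet Explorer')
    'winlogon.exe' = @('C:\Windows\System32')
}

function Find-MasqueradedProcess {
    param([Parameter(Mandatory)] [object[]] $Processes)
    foreach ($p in $Processes) {
        $name = "$($p.Name)".ToLowerInvariant()
        if (-not $ExpectedDirs.ContainsKey($name)) { continue }
        # ExecutablePath comes back empty when the caller may not read it.
        if ([string]::IsNullOrEmpty($p.ExecutablePath)) {
            [pscustomobject]@{ ProcessId = $p.ProcessId; Name = $p.Name
                               Path = $null; Verdict = 'path unreadable, re-run elevated' }
            continue
        }
        $dir = (Split-Path -Path $p.ExecutablePath -Parent).TrimEnd('\')
        # -notcontains compares strings case-insensitively, like NTFS paths.
        if ($ExpectedDirs[$name] -notcontains $dir) {
            [pscustomobject]@{ ProcessId = $p.ProcessId; Name = $p.Name
                               Path = $p.ExecutablePath; Verdict = 'unexpected location' }
        }
    }
}

# Constructed sample records shaped like Win32_Process objects.
$sample = @(
    [pscustomobject]@{ ProcessId = 1204; Name = 'IEXPLORE.EXE'
                       ExecutablePath = 'C:\Windows\TWAIN_32\IEXPLORE.EXE' }
    [pscustomobject]@{ ProcessId = 2288; Name = 'IEXPLORE.EXE'
                       ExecutablePath = 'C:\windows\resources\IEXPLORE.EXE' }
    [pscustomobject]@{ ProcessId = 3320; Name = 'iexplore.exe'
                       ExecutablePath = 'C:\Program Files\Internet Explorer\iexplore.exe' }
    [pscustomobject]@{ ProcessId = 612;  Name = 'winlogon.exe'
                       ExecutablePath = 'C:\Windows\System32\winlogon.exe' }
)

# Only the first two constructed records are reported.
Find-MasqueradedProcess -Processes $sample | Format-Table -AutoSize

# On a live machine, feed it the real process list instead:
# Find-MasqueradedProcess -Processes (Get-CimInstance Win32_Process)
```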