I was at a customer's site today, and had a real interesting one.
He had a browser hijacker/malware/virus that had been detected by Avast (or one of the three or four other AV programs that he had installed and uninstalled in the past weeks). It was presenting annoying advert pop-ups and unwanted extra windows randomly appearing - some looked convincingly like Adobe updates etc.
It is called "ZequitaeKryoniece".
No results on Google Search or others for info on the software, no results on the offending PC with a Windows search (including hidden folders). No results when running Junkware Removal Tool (JRT), Malwarebytes and AdwCleaner. BUT there it was running as a Windows Service - unknown author and it couldn't be stopped.
It was in C:/Program Files (x86) and could only be found if you used a DOS window to search for it.
It cannot be deleted (access denied on all attempts to delete, change attributes etc.) although my DOS skills are a bit rusty so I'm looking at this now.
However, I did manage to change MSConfig so it won't start at the PC start and deleted all references to it in the Windows Registry and then reset the PC's Web Browsers to not use a proxy server.
Several tests and re-boots seem to show the gremlin is no longer there, but I'm worried about leaving a malicious program on a customer PC - even if it is "dormant".
Any ideas?
Anyone heard of this before?