I think this is a relatively new one as there is very little out there on the web.
Update: 05/06/2007 – Trojan.Kardphisher
My son had a Windows Activation screen up on his laptop. It was basically stating there was another user that had activated his OS. It requested a credit card number in order to prove that his activation was valid.
I actually almost filled it out, then saw that it was also asking for the card pin number. Now I figured it was odd that Microsoft might ask for a credit card, but realized it was a phishing scam when I saw the pin request.
While these screens were up, I was unable to open any other application. I noticed from the start bar, this application had a name of ‘97411420.exe’ which also seemed rather non-Microsoft-like. I turned off the machine, and started up in safe mode, I was pleasantly surprised to see the screens gone. I immediately searched the PC for any files created or modified within the last week. Low and behold, I found an executable file called ‘97411420.exe’. I deleted it and restarted the machine normally. All was well.
My assumption, however, is that the file name ‘97411420.exe’ will most likely be different if you run into this issue, but I am fairly certain you can use the same methodology to locate and remove the virus. I would imagine there is a more elaborate and probably better way of finding and eliminating this virus, but I went low-tech.
The next step was to re-establish use of my Task Manager. Once that was done, it was like it had not happened. Which I wish it hadn’t because it gave me pause to think how easy it must be to create such a beast.
Anyway… be careful out there!