GAFB
Join Date: Dec 1999
Location: Raleigh, NC, USA
Posts: 7,842
As long as you can boot into safe mode, this crap can be defeated.
I had an infection of the same thing you had, two weeks ago. The only non-work related thing I had open was a music lyrics site. It had to have spawned from there.
Only problem: I was at work WAYYYY after hours (IT guys gone) and am unable to boot into safe mode. Nonetheless, I still managed to beat the sucker. Using my iPhone, I surfed for some information on the plague and found the locations of the executables. I have an emergency utility called "RemoveOnReboot" which adds a "Remove on Reboot" (duh) option to the context menu. The trojan tried hard to keep me from selecting the executables for deletion - it blocks all other .exes from running. However, after a couple tries, the two major trojan executables were flagged for deletion.
I rebooted and kept an eye on process manager; the offenders did not load into memory. Then I ran CCleaner, then ran a full scan with MalwareBytes. By the time I got done with the manual deletions and the CCleaner wipe, there wasn't even anything left for MWB to clean, but I ran it just in case.
If you still have this going on and want to try the RemoveOnReboot tool, pm me and I'll email you the install file (it is only 35kb). If you can somehow get it onto the zombie system, you can fight the thing off.
In my case, a re-image wasn't an option since I had way too much going on at work. I had to clean it out of the existing image. That, and I consider it a failure as a techno-geek if I succumb to the urge to re-image.
__________________
Several BMWs