Active Infected with trojan "ACVE"

Discussion in 'Malware and Virus Removal Archive' started by mrx65, 2009/06/22.

  1. 2009/06/22
    mrx65

    mrx65 Inactive Thread Starter

    Joined:
    2008/11/30
    Messages:
    6
    Likes Received:
    0
    [Active] Infected with trojan "ACVE"

    I am trying a post under this section first so please read to the end to understand why. The main reason for the post is a trojan called "ACVE" (not fully sure about the name as it is hiding very well). It is on another computer. I have googled ACVE, but only found programs that would help if they were on before the virus. This is why I think using another computer may work. I have taken the computer to a computer shop with a very good name where they scanned it and deleted/rebuilt the whole user file (there was too much corruption to save the user). But the virus came back the next day and increases each day. I have software that claims to be able to remove it, but ACVE blocks them from even starting and it also prevents me from searching various parts of the C drive (I have used the hunt and delete method in the past to weaken or remove various programs).

    My theory is to remove the infected hard drive from the other computer and connect it to my computer, scan/remove the virus with the software on my computer, and then place it back into the original computer. Wisely, I have seen the possible "side effects" of such an action and figured I should consult someone much wiser than I first. First I don't want the virus to cross over to my computer and secondly it is a main drive and may not "like" or survive being a temporary slave drive. I have an external case that currently houses an external cd drive with a USB connection to my computer. It is designed to connect to internal hardware like a cd drive or hard drive. My computer is running XP and the infected one has XP pro.

    My ultimate theory on this is that the maker of the virus may have overlooked or is unable to "defend" the virus from this kind of attack. Plus this would give me the ability to safely scan (in theory) several times and check for damage to and hopefully save the confidential files stored on it. I am open to posting a virus thread, but given the strength of the virus' defences I am thinking this is the best way and not the easiest to get around them, if it will work.
    thanks,
    greg
     
  2. 2009/06/22
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    The only members competent to advise/assist in this matter are our trained malware analysts - this is not a Hardware issue.

    I have moved your thread with title edit to the Malware & Virus Removal forum for their attention.
     

  4. 2009/06/22
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     
  5. 2009/06/25
    mrx65

    mrx65 Inactive Thread Starter

    Joined:
    2008/11/30
    Messages:
    6
    Likes Received:
    0
    I appreciate the reply. I thought I had followed the posting instructions. I posted under the other forum first as I know very little about the virus and if a USB connection can be made, it would open up the drive to the programs I have to identify the virus. I don't have the mirror on the infected computer just yet as I was trying to prevent the virus from copying confidential files to the internet. I do have it done for my computer and plan on running it on the infected computer now that I have copied/deleted the confidential files. Do you think the mirror will show what virus it is? All I have to go on is what Malwarebytes claims is there. This is the same program that the computer shop used and said that the virus is gone. I am trying to avoid another trip to the computer shop as we really don't have the money to spend on it right now. The virus is very well defended and in some cases it blocks copying them from a stick. Or worse yet, will shut them down if they get too "close" even if run from the stick.
    thanks,
    greg
     
  6. 2009/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download the program listed below on a good computer, move it to the bad computer...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.
     
  7. 2009/06/27
    mrx65

    mrx65 Inactive Thread Starter

    Joined:
    2008/11/30
    Messages:
    6
    Likes Received:
    0
    Thanks. I will try this and see what happens. May be a couple of days as I am sick today.
    thanks,
    greg
     
  8. 2009/06/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No problem :)
    Get well :)
     
  9. 2009/07/17
    mrx65

    mrx65 Inactive Thread Starter

    Joined:
    2008/11/30
    Messages:
    6
    Likes Received:
    0
    Thanks. I think I am ready to attack this now. I just wanted to clarify what script blocking is. I have found various things about it on the internet, but still not 100% sure. Does it only include explorer/firefox etc? I'm not 100% sure what is on that computer, but anti virus etc are generally easy enough to turn off. It is the script blocking that has me lost.
    thanks,
    greg
     
  10. 2009/07/17
    mrx65

    mrx65 Inactive Thread Starter

    Joined:
    2008/11/30
    Messages:
    6
    Likes Received:
    0
    Do I post a copy of the report that it generates here? I read about it on the download site and they recommend it.
    thanks,
    greg
     
  11. 2009/07/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm glad you feel better :)

    Just turn your antivirus and firewall off.
    If you use Windows Defender and/or Spybot, turn them off as well.

    Yes, paste Combofix log back here.
     
  12. 2009/07/22
    mrx65

    mrx65 Inactive Thread Starter

    Joined:
    2008/11/30
    Messages:
    6
    Likes Received:
    0
    another road block

    Combofix won't start. I turned off the firewall and AVG. I have tried to run it from the USB stick as well. I also tried a "back door" approach, I have Starter installed and selected Combofix to start at startup. Still does not work. Spybot is on, but I can't start it to turn it off after I did an update, so not sure if that is what is blocking it or not. I have had a lot of trouble getting antivirus\spyware to start right away on that computer. AVG and spyware doctor all came back clean when they finally started (it took a few days). I am starting to think that the virus will corrupt scan programs etc before it will let them start. So far, Malwarebytes is the only one to "find" ACVE. I have deleted the file that it says is infected (c:windows\... dllcache\cdaudio.sys). I was able to scan with Spybot, via a right click launch at the file, but it found nothing. There is still something wrong with the computer. I have had the power supply replaced within the last month, but the computer continues to restart on its own in a regular pattern. It is a short time that sometimes gets to the desktop, but if you persist it will eventually stay running as long as you want or until you restart it. It is a bit random, but mostly predictable. There is an occasional restart after an hour or 2. It will stay running even at peak capacity, so I am thinking that it's not the power supply. Scan programs or windows explorer when in certain parts of the windows file would set off a restart. This doesn't seem to be the case anymore.
    I am starting to reconsider my original approach of connecting the hard drive via a USB to this computer and scanning as a slave drive. I am not sure exactly how to do it, but I do have the equipment (I think) to do it. I have an external case that converts an internal part to an external part. It currently houses an internal cd rom.
    thanks,
    greg
     
  13. 2009/07/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Delete your copy of Combofix and check my PM to you.
     
